204 results found

1. Apple and Google have both found passwords that this tool did not.

   I have long since left browser and OS password managers behind. I now use Vaultwarden. I like it because it will check passwords against your service for me (In fact, I pay for a subscription). Recently, I was on my iPad, and it told me that some of my passwords had been compromised. I had forgotten about having passwords on there. Most of them were old and changed. The one that surprised me was for my security camera system. It has not been changed. This password has been stored for a while and checked many times through HIBP (by way of vaultwarden). This means that Apple caught a breach that HIBP missed.

   I am not saying they are better. I just wonder if you are adding new methods of finding these leaked passwords, and/or investigating where Apple and Google source theirs from?

   I have long since left browser and OS password managers behind. I now use Vaultwarden. I like it because it will check passwords against your service for me (In fact, I pay for a subscription). Recently, I was on my iPad, and it told me that some of my passwords had been compromised. I had forgotten about having passwords on there. Most of them were old and changed. The one that surprised me was for my security camera system. It has not been changed. This password has been stored for a while and checked many times through HIBP (by way… more

   1 vote

   Vote Vote Vote

   Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   1 vote 2 votes 3 votes Remove votes

   You have left! (?) (thinking…)
   0 comments  ·  Delete…  ·  Admin →
   How important is this to you?

   Not at all You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close
   declined  ·  AdminTroy Hunt (CEO / Founder, Have I Been Pwned) responded

   There will always be gaps between different services simply by each having different sources of dat.

2. Provide an email address to send you PROBLEMS with your confirmation system

   I tried to set up a notification to my email, but the confirmation email you sent came in without a link (twice). I would have liked to notify you privately, but can't find any email on your site to write to privately! I use webmail on a HostGator hosted domain that I own, but the email comes in with text and a big blue banner where the link should be, but no link.

   0 votes

   Vote Vote Vote

   Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   1 vote 2 votes 3 votes Remove votes

   You have left! (?) (thinking…)
   1 comment  ·  Delete…  ·  Admin →
   How important is this to you?

   Not at all You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close
   declined  ·  AdminTroy Hunt (CEO / Founder, Have I Been Pwned) responded

   Support question, not an idea

3. A search for xyz@gmail.com and xyz@googlemail.com should return the same

   Since user@gmail.com is the same address as user@googlemail.com the returned data should also be the same, currently you'd have to enter both addresses.
   Some users might not even know about this.

   0 votes

   Vote Vote Vote

   Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   1 vote 2 votes 3 votes Remove votes

   You have left! (?) (thinking…)
   1 comment  ·  Delete…  ·  Admin →
   How important is this to you?

   Not at all You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close
   declined  ·  AdminTroy Hunt (CEO / Founder, Have I Been Pwned) responded

   This is akin to what’s already been proposed in this suggestion: https://haveibeenpwned.uservoice.com/admin/v3/suggestions/6774229/

   Namely that there are multiple versions of an address that all go to the same mailbox. It’d be great if you could leave that comment over on that idea and I’ll close this one out.

4. You are compromising the security of the people

   Regarding the recent Ledger data breach, anyone that types a compromised email address knows that he/she has a ledger wallet and crypto. You are leaking to everybody the same information leaked by the hackers and you are compromising the security of that person by revealing the email, exposing him or her to phishing attempts and even to physical risk if the person that performs the search knows the identity of the owner. This is a very serious issue. Please consider sending the results only by email at least for these most serious data breaches where there is physical risk for the affected people.

   Regarding the recent Ledger data breach, anyone that types a compromised email address knows that he/she has a ledger wallet and crypto. You are leaking to everybody the same information leaked by the hackers and you are compromising the security of that person by revealing the email, exposing him or her to phishing attempts and even to physical risk if the person that performs the search knows the identity of the owner. This is a very serious issue. Please consider sending the results only by email at least for these most serious data breaches where there is physical risk for… more

   0 votes

   Vote Vote Vote

   Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   1 vote 2 votes 3 votes Remove votes

   You have left! (?) (thinking…)
   0 comments  ·  Delete…  ·  Admin →
   How important is this to you?

   Not at all You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close
   declined  ·  AdminTroy Hunt (CEO / Founder, Have I Been Pwned) responded

   There are many, many very good reasons why the service operates in this fashion: https://www.troyhunt.com/the-ethics-of-running-a-data-breach-search-service/