General
115 results found
-
Send enrollment email upon valid domain verification
I successfully enrolled in domain search, but never got a confirmation message. Now when I forget whether or not I've enrolled my domain in a year (as will surely happen), I have no way of knowing if I'm just repeating efforts.
16 votes -
Paypal option to pay API key
Not everyone has a creditcard. Should be nice if I can pay the API key with paypal :)
16 votes -
Add simple breakdown to search results (passwords and hashes or not, etc)
For the initial "Have I Been Pwned" lookup, a summary of the types of results would help users better understand the associated risk.
So this:
"Oh no, pwned in 20 breaches"
... could be expanded to something like:
"Oh no, pwned in 20 breaches:
7/20 leaks included password or password hashes
13/20 do NOT have passwords - just contact and similar metadata"
... etc
This could be styled nicely however it makes sense - in a table, pie chart, etc. And it could be expanded later to include whatever level of detail makes sense - maybe strong/slow hashes vs weak/fast…
16 votes -
Authorize Domain by API
Add API Functions to Authorize by TXT records to the API.
The way I'd do it would be to add an endpoint to view the TXT Record details you need to add... then a second endpoint to verify the TXT Record is valid...Abuse Mitigations are pretty easy, cap max hits/min to the second Endpoint as it has to perform DNS lookups to do it.
And the first endpoint can't really be abused anyway as no doubt you combine the user's email plus the domain to get the hash in the TXT record... so that's a nothing function.This will…
14 votes -
Report as an email containing additional details
if the email address matches the username, provide associated data elements that have been breached. These could be as follows..
1. plain-text passwords, password hashes associated with the email add.
2. other PII .. address, phone#, IP, etc.13 votes -
Add an Ethereum / Bitcoin SV / credit card / other for donations
Add an Ethereum address for donations and convert all existing Bitcoin donations to renBTC (there's more Bitcoin in the Ethereum network than on the lightning network) via bridge.renproject.io and exchange renBTC for Ethereum via 1inch.eth.link (1inch exchange).
13 votes -
12 votes
-
Opt-in again after opting-out
I know that these suggestions have appeared many, many, many times.
While it is currently possible to change your mind to another of the three points after you opt-out, it would be more useful and right to add the option to opt-in back. At least for new breaches.
One of the reasons is that 1Password Watchtower simply stops working for email searches.
12 votes -
Add additional contacting email addresses for domain search
Add itsecuity@domain.com as one of the contacting addresses for a domain search as this is a common address these days.
11 votes -
Add an API to get the most recent breach date by account/email
On my website, I'd like to detect if the user's password has been recently breached so I can ask them to reset their password. It would be easy if there is an endpoint that given an account/email returns a single timestamp or breached date of the most recent breach if there is one.
With the current API, the only way to achieve this is to use the v3 breachedaccount API with the option truncateResponse set to false. The untruncated response body of the endpoint is quite large. On top of that, I'd have to deserialize the response to JSON then…
11 votes -
Have HIBP lookup security.txt mail addresses for Domain Search verification.
Security teams within larger and less mature enterprises struggle to achieve regular access to new breach info based on the current verification process.
Security.txt was implemented as a standard for disclosures, so it would make sense this would also be leveraged for validating domain searches by security teams. Also, would make accessing new affect users easier for larger international organizations where the DNS registration is non-standard or inaccessible.
11 votes -
excel sheet with all sites breaches with headers
Breach, Compromised Data, Date of Compromise etc., this was already contained in the site https://haveibeenpwned.com/PwnedWebsites
I'm just requesting you to provide the same in excel format.11 votes -
Have a page with mitigation directions for the technically challenged.
For those of us who are technically challenged, directions on how to mitigate any damage if found to have been breached. For example, my husband and I found that our Adobe accounts were breached, but we do not know when he signed up as he does not have a computer and only created an email when he got a smart phone about 4 years ago. He has no idea of how he got signed up for Adobe. To be honest, I do not remember signing up or into that service either, although I do have it on my computers and…
11 votes -
List registered email addresses for domain notification
Can we please have an notification sent to advise which email addresses have been subscribed to domain notifications over time and an option to remove email addresses from domain notifications.
11 votes -
Enabl API to be queried such that it returns only the breach name
At present, searching the API returns all data about the breach including description and other meta data. For high volume API consumers, it would be preferable to return just the breach name. Meta data about the breach could then be retrieved in a single API query to the breach service. This would reduce the response size for each query by more than 90%.
11 votes -
add a webhook option for domain breach notifications.
In addition to notifications via email, add a webhook option to be notified when your domain appears in the data breach list.
10 votes -
Domain wide search results - Refined export of data
It would be great to refine the export data for domain wide searches.
Something i would like to do is notify the users of new breaches. If i run the report periodically, i can easily compare the results and for any differences script a personalised mailout informing my users of such exploit.
Cheers,
Ivan10 votes -
Filter breaches by "AddedDate"
Add a date filter to the api/breachedaccount/{account} endpoint.
In this way, we can only query breaches that were added after X date. This is helpful for notifications and reduces the amount of data we retrieve.
10 votes -
Full email service for companies to help CISOs
Hello,
I'm using Have I been Pwned to find out unsealed email accounts and passwords for our company domain and I'm very pleased about this service.
But to make life easier I suggest the following service:
1) I sign in at Have I Been Pwned.
2) I type in and confirm all domains of my company
3) I define a text to inform my users about a possible problem, that their passwords are maybe lost.
4) I accept the actual status of unsealed account information as the base line
5) If new breaches of user accounts will occur Have I…9 votes -
Summarise the breach info at the top of domain wide searches
When you search across a domain at present, the breach name is listed next to each impacted account but it's not clear when it happened or when it was loaded into HIBP. It might not make sense to list this info next to every single breached account in the list, but a summary at the top of the page listing key attributes of each relevant breach would be handy.
8 votes
- Don't see your idea?