General

  1. Sort breaches by date

    This is mostly useful for those of us who like to check for new leaks involving our email addresses every few months. Currently one has to read through the whole list of results since they're in a seemingly arbitrary order, including those one has already changed the relevant passwords for.

    19 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  2. 19 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  3. Provide localised language versions

    IMO, HIBP is so useful that every single person in the world should have it bookmarked and all companies should monitor their domains accounts using it. Some users in our company use their business email address to create accounts in several websites, and thanks to HIBP our IT team is warned when one of them is pwned.
    We thought it would be a great idea to tell everyone about HIBP so they could verify and monitor their own personal accounts, so we did it by sending an email telling about HIBP to everyone in the company. Everyone was able to…

    17 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  4. Fix multi-domain search results

    Apparently, multi-domain search result for breached email account sets are broken. Maybe only for large result sets?
    I did a multi-domain search after the avectis breach notification with over 10.000 of our company and customer emails affected. However, the "Breached email accounts" tab in the excel format was empty. The HTML did not load (result set to big) and the JSON also only included "{"BreachSearchResults":null, ..."
    Can you check this please?

    15 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    9 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  5. Make a section on what to do if you have been pawned.

    So, Iv'e been pawned? What's next? What do I need to do? How can I fix this issue or protect myself from this happening again? You talk about being pawned but I don't see anything in simple English on the next steps besides using your password generator which I have been using for years but still got pawned.

    15 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  6. Send enrollment email upon valid domain verification

    I successfully enrolled in domain search, but never got a confirmation message. Now when I forget whether or not I've enrolled my domain in a year (as will surely happen), I have no way of knowing if I'm just repeating efforts.

    14 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  7. Report as an email containing additional details

    if the email address matches the username, provide associated data elements that have been breached. These could be as follows..
    1. plain-text passwords, password hashes associated with the email add.
    2. other PII .. address, phone#, IP, etc.

    13 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  8. Paypal option to pay API key

    Not everyone has a creditcard. Should be nice if I can pay the API key with paypal :)

    13 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  9. Enabl API to be queried such that it returns only the breach name

    At present, searching the API returns all data about the breach including description and other meta data. For high volume API consumers, it would be preferable to return just the breach name. Meta data about the breach could then be retrieved in a single API query to the breach service. This would reduce the response size for each query by more than 90%.

    11 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  10. Add additional contacting email addresses for domain search

    Add itsecuity@domain.com as one of the contacting addresses for a domain search as this is a common address these days.

    11 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  11. Have a page with mitigation directions for the technically challenged.

    For those of us who are technically challenged, directions on how to mitigate any damage if found to have been breached. For example, my husband and I found that our Adobe accounts were breached, but we do not know when he signed up as he does not have a computer and only created an email when he got a smart phone about 4 years ago. He has no idea of how he got signed up for Adobe. To be honest, I do not remember signing up or into that service either, although I do have it on my computers and…

    10 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  12. Have HIBP lookup security.txt mail addresses for Domain Search verification.

    Security teams within larger and less mature enterprises struggle to achieve regular access to new breach info based on the current verification process.

    Security.txt was implemented as a standard for disclosures, so it would make sense this would also be leveraged for validating domain searches by security teams. Also, would make accessing new affect users easier for larger international organizations where the DNS registration is non-standard or inaccessible.

    10 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  13. Domain wide search results - Refined export of data

    It would be great to refine the export data for domain wide searches.

    Something i would like to do is notify the users of new breaches. If i run the report periodically, i can easily compare the results and for any differences script a personalised mailout informing my users of such exploit.

    Cheers,
    Ivan

    10 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  14. 9 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  15. Summarise the breach info at the top of domain wide searches

    When you search across a domain at present, the breach name is listed next to each impacted account but it's not clear when it happened or when it was loaded into HIBP. It might not make sense to list this info next to every single breached account in the list, but a summary at the top of the page listing key attributes of each relevant breach would be handy.

    8 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  16. 7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  17. Don't show pastes just by providing the e-mail address before verifying it's the actual owner

    Right now just by providing an e-mail address you can get pastes with plain password for that address. I can see how this can be abused. Could You implement some kind of verification that it's the actual owner of the e-mail? For example, sending an email which leads to a list of pastes where the password was found.

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  18. Few more detail on the breach needs to be included

    Need few other details on the breaches that happened in the past. Its good we get the information details completely. The same is included in http://www.askmein.com/tools/have-i-been-pwned

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  19. Add the ability for a domain owner to view and unsubscribe any currently setup domain subscription

    A domain subscription checker (done with similar verification to the domain verification links) would enable the domain owner to check only current employees have have access to the information, and to revoke any incorrectly or outdated subscriptions on the domain without having to have access to each destination mailbox

    From personal mistake:
    I've subscribed for domain alerts, copied the verification token and authorised before it took me back to a screen that showed I'd mis-spelt the notification email address hostname! That means someone else now is approved to see full domain level summary.

    As the notification email address is different…

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  20. 7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  • Don't see your idea?

General

Categories

Feedback and Knowledge Base