General
123 results found
-
Send enrollment email upon valid domain verification
I successfully enrolled in domain search, but never got a confirmation message. Now when I forget whether or not I've enrolled my domain in a year (as will surely happen), I have no way of knowing if I'm just repeating efforts.
16 votes -
PayPal option to pay for API key
Not everyone has a credit card. It would be nice if I could pay for the API key with PayPal :)
16 votes -
Improve Domain Verification UX — Allow Pending State and Re-Verification Instead of Immediate Failure
Description
When adding a new domain for monitoring via DNS TXT record, the verification fails immediately if the record hasn’t propagated yet. The modal shows:
“The TXT record was not found, you may need to allow some more time for DNS to propagate between adding it then verifying.”
After that, the domain doesn’t appear anywhere in the dashboard — there’s no “pending verification” state, no option to retry verification later, and each new attempt generates a new TXT record.
This means you can’t verify a domain that takes longer to propagate unless you keep the modal open for hours and…
14 votes -
Add additional contacting email addresses for domain search
Add itsecuity@domain.com as one of the contacting addresses for a domain search as this is a common address these days.
14 votes -
Add an Ethereum / Bitcoin SV / credit card / other for donations
Add an Ethereum address for donations and convert all existing Bitcoin donations to renBTC (there's more Bitcoin in the Ethereum network than on the lightning network) via bridge.renproject.io and exchange renBTC for Ethereum via 1inch.eth.link (1inch exchange).
13 votes -
Report as an email containing additional details
If the email address matches the username, provide associated data elements that have been breached. These could be as follows:
1. plain-text passwords, password hashes associated with the email add.
2. other PII .. address, phone#, IP, etc.
13 votes -
Opt-in again after opting-out
I know that these suggestions have appeared many, many, many times.
While it is currently possible to change your mind to another of the three points after you opt-out, it would be more useful and right to add the option to opt-in back. At least for new breaches.
One of the reasons is that 1Password Watchtower simply stops working for email searches.
12 votes -
The possibility to be able to exclude certain email addresses from future findings
As we have a lot of students I get quite a few notifications about breaches. Sadly I get notifications about accounts that have not existed within the organisation for over 10 years already. Yet the account details keep showing up in new breaches that seem to be selling extremely old details.
I can totally understand that you do not want to remove the count of the amount of breaches found. But it would be nice to be able to mute new findings for accounts that no longer exist. That saves us going through long lists of accounts every breach. While…
11 votes -
Have HIBP lookup security.txt mail addresses for Domain Search verification.
Security teams within larger and less mature enterprises struggle to achieve regular access to new breach info based on the current verification process.
Security.txt was implemented as a standard for disclosures, so it would make sense for it also to be leveraged for validating domain searches by security teams. Also, it would make accessing newly affected users easier for larger international organizations where the DNS registration is non-standard or inaccessible.
11 votes -
Add an API to get the most recent breach date by account/email
On my website, I'd like to detect if the user's password has been recently breached so I can ask them to reset their password. It would be easy if there is an endpoint that given an account/email returns a single timestamp or breached date of the most recent breach if there is one.
With the current API, the only way to achieve this is to use the v3 breachedaccount API with the option truncateResponse set to false. The untruncated response body of the endpoint is quite large. On top of that, I'd have to deserialize the response to JSON then…
11 votes -
List registered email addresses for domain notification
Can we please have a notification sent to advise which email addresses have been subscribed to domain notifications over time and an option to remove email addresses from domain notifications.
11 votes -
Excel sheet with all sites breaches with headers
Breach, Compromised Data, Date of Compromise etc., this was already contained in the site https://haveibeenpwned.com/PwnedWebsites
I'm just requesting you to provide the same in Excel format.
11 votes -
Have a page with mitigation directions for the technically challenged.
For those of us who are technically challenged, directions on how to mitigate any damage if found to have been breached. For example, my husband and I found that our Adobe accounts were breached, but we do not know when he signed up as he does not have a computer and only created an email when he got a smart phone about 4 years ago. He has no idea of how he got signed up for Adobe. To be honest, I do not remember signing up or into that service either, although I do have it on my computers and…
11 votes -
Enable API to be queried such that it returns only the breach name
At present, searching the API returns all data about the breach including description and other meta data. For high volume API consumers, it would be preferable to return just the breach name. Meta data about the breach could then be retrieved in a single API query to the breach service. This would reduce the response size for each query by more than 90%.
11 votes -
CNAME records for domain verification
It would be nice if you could allow for using CNAME records for domain verification.
Example:
hibp_s8stqti7w56477ulmvzid31k IN CNAME verify.haveibeenpwned.com
This way we can avoid polluting our domain apex with even more TXT records.
10 votes -
Filter breaches by "AddedDate"
Add a date filter to the api/breachedaccount/{account} endpoint.
In this way, we can only query breaches that were added after X date. This is helpful for notifications and reduces the amount of data we retrieve.
10 votes -
Domain wide search results - Refined export of data
It would be great to refine the export data for domain wide searches.
Something I would like to do is notify the users of new breaches. If I run the report periodically, I can easily compare the results and, for any differences, script a personalised mailout informing my users of such an exploit.
Cheers,
Ivan
10 votes -
Add a webhook option for domain breach notifications.
In addition to notifications via email, add a webhook option to be notified when your domain appears in the data breach list.
10 votes -
Full email service for companies to help CISOs
Hello,
I'm using Have I been Pwned to find out unsealed email accounts and passwords for our company domain and I'm very pleased about this service.
But to make life easier I suggest the following service:
1) I sign in at Have I Been Pwned.
2) I type in and confirm all domains of my company
3) I define a text to inform my users about a possible problem, that their passwords are maybe lost.
4) I accept the actual status of unsealed account information as the base line
5) If new breaches of user accounts will occur Have I…
9 votes