General
-
add a webhook option for domain breach notifications.
In addition to notifications via email, add a webhook option to be notified when your domain appears in the data breach list.
7 votes -
Full email service for companies to help CISOs
Hello,
I'm using Have I been Pwned to find out unsealed email accounts and passwords for our company domain and I'm very pleased about this service.
But to make life easier I suggest the following service:
1) I sign in at Have I Been Pwned.
2) I type in and confirm all domains of my company
3) I define a text to inform my users about a possible problem, that their passwords are maybe lost.
4) I accept the actual status of unsealed account information as the base line
5) If new breaches of user accounts will occur Have I…
7 votes -
Add a "Suspended" account button
I have been reported on 3 accounts that Tumblr accounts have been breached, one of them was in fact suspended for unknown reasons.
7 votes -
Remove captcha from the domain page
Captcha is grotesquely unfair on people that have learning disabilities and is preventing me from properly using your service.
Find an anti-robot mechanism that doesn't penalise real people with real problems.
7 votes -
Filter breaches by "AddedDate"
Add a date filter to the api/breachedaccount/{account} endpoint.
In this way, we can only query breaches that were added after X date. This is helpful for notifications and reduces the amount of data we retrieve.
7 votes -
Add an Ethereum / Bitcoin SV / credit card / other for donations
Add an Ethereum address for donations and convert all existing Bitcoin donations to renBTC (there's more Bitcoin in the Ethereum network than on the lightning network) via bridge.renproject.io and exchange renBTC for Ethereum via 1inch.eth.link (1inch exchange).
7 votes -
Add an API endpoint that returns a rate limited response
This would allow easy testing of code to properly handle a rate limit, without having developers intentionally exceed the rate limit in order to test.
https://api.pwnedpasswords.com/rate-limited/backoff
would return a 429 response with a Retry-After header with a value = backoff. The backoff parameter is optional and if omitted you would return the default backoff seconds (2).
It is unclear whether the v2 api is rate limited. You state when describing the V2 API that it is not, but the section regarding rate limiting in the API docs does explicitly state that it doesn't apply to the V2 API. This…
7 votes -
Make domain notification more salient
TL;DR: Make domain-level notification (1) more obvious to find and (2) more salient in the registration form.
Feature not advertised in top bar labels
- "Home" promises e-mail one-time search,
- "Notify me" promises e-mail notification, not registration
- "Domain search" promises, well, one-time domain search.
I suggest you add either a separate label on top bar with a separate form. Or change existing "Domain search" into "Domain search+notification" (yes, it's longer, so see other suggestion below).
Feature not recognizable when found
On https://haveibeenpwned.com/DomainSearch there is only one salient title "Domain search / Search for pwned accounts across an entire domain". No title…
7 votes -
Showing results via Mail
I think it is a matter of privacy what services (that were breached) I used. This site allows me to type in any e-mail I know and to verify whether or not the person did use a special service. It might seem that this information is not too big of a deal, still I'd consider it private. So my suggestion is that the services only sends back a link to the email that shall be checked and provides the results there.
6 votes
There are many, many reasons why that’s not feasible: https://www.troyhunt.com/the-ethics-of-running-a-data-breach-search-service/
-
Update Zynga.com data breach information
I've just been informed that the Zynga.com data breach included my phone number. Which makes sense, since it is usually installed on mobile devices. You don't list phone numbers as part of the data breach.
6 votes -
Mark Wii U ISO as a sensitive breach
Wii U ISO is a site that hosts illegal downloads of pirated video games. This includes ROMs & ISOs for Nintendo Switch, Wii U, and 3DS. The ability to upload or download games is only available for registered users.
Because having an account could link users to illegal software piracy, I would like to propose adding it to the list of sensitive breaches.
(Arguably, emuparadise should be marked as sensitive, as they previously distributed illegal ROMs)
6 votes -
Add Domain Connect to the "Verify by domain TXT record" method
This way the TXT record can be added automatically at GoDaddy, 123reg, 1&1 IONOS and a few others. See https://www.domainconnect.org/dns-providers/
6 votes -
Notify email owner by phone text message
Offer the flexibility for a user to enter all email addresses owned by the user along with a mobile number through which the user gets notified if any of the listed emails are pwned.
5 votes -
Return usernames/email addresses with Pwned Passwords api by using a k-Anonymity model
The chances for old email addresses to be listed in a breach are very high. After some decades of use the email address occurs in a breach with a hopefully old password and is used with new passwords currently.
Thus, it would be great if I could test if a specific username – password combination has been listed in a breach. As far as I understand the API this isn’t possible at the moment.
The relating email addresses could be returned after the number of breaches in the api.pwnedpasswords.com return value. This approach has the problem that foreign email addresses…
5 votes -
show an example of the phone number layout for Facebook data search
Like does it include dashes? spaces?
example: +1 954-123-4567 or +19541234567?
5 votes -
List registered email addresses for domain notification
Can we please have a notification sent to advise which email addresses have been subscribed to domain notifications over time and an option to remove email addresses from domain notifications.
5 votes -
Add MostRecentDate to Domain Search results
When viewing Domain Search results, it would be helpful to have a column containing the date of their most recent appearance in a breach data set. This would help prioritize password changes if the search results are larger.
4 votes -
Fix captcha puzzle for IE11 users
Currently the buttons at the bottom of the "check all images that have XXX" popup don't work on IE11. Can't Verify, refresh, get help, etc. Makes notifications impossible if the puzzle appears.
4 votes -
Indicate which data classes were compromised for each record in a breach
So yeah, when testing an email-address, it should be made clear in the returned results whether the full data (name, physical address, email) or only the email-address was leaked.
This is important because the ledger hack is more serious than many others to the security of those leaked.
4 votes -
Add the “Notify Me” element to API functionality
Add the “Notify Me” element to API functionality so that people can be automatically added to the monitoring (as well as the one off checks)
4 votes