I would like to know which websites I have created a username on with my email address so that I can access them and manage the passwords for them. at this time, I can only manage the ones I REMEMBER using my email to sign up with, but I know there are probably hundreds out there that I have created login credentials for because just about every site or out there requires you to create an account in order to use it.

I want to protect those accounts BEFORE I know a breach has occurred so there are no surprises.

An education app Unacademy is reported to have data breached of 11M-22M Users. Kindly add that to database.

Source: https://www.business-standard.com/article/companies/unacademy-s-database-hacked-information-of-11-million-users-compromised-120050701280_1.html

It would be nice if we could pass a set of breach names into the https://haveibeenpwned.com/api/v3/breachedaccount and a set of paste data into https://haveibeenpwned.com/api/v3/pasteaccount and have them only provide results for the breaches and pastes not on the list, basically something like ?exclude=thing1,thing%20two for breachedaccount and something like ?exclude=%7B%22PasteBin%22:%20[%22123%22,%22456%22],%22Pastie%22:%20[%22abc%22]%7D for pasteaccount.

Google now detects some email / password combo breaches. Google doesn't have any more detail on when / what / where. What might explain any difference w Pwned Passwords?

In the alert email for the Cit0day breach, the only information provided is that one's email appeared somewhere in the breach of the 23k websites. If it's possible, it could be helpful for users to be informed of which specific site(s) their credentials were listed under.

I fully grant the larger point about encouraging the use of a password manager to mitigate the risk regardless. Thanks! :)

First time i have check my password, it was not pwned.
Second time, just after first time some days, it was pwned with "seen 1 time before".
This is no problem until now, but when github start using your api to check password and force i give up my good password!
So please remove password which "seen 1 time before", or at least make a feature that auto remove password from your database if it is not pwned or less pwned in long time.

be able to lookup if your password exists in a breach by entering an md5 of your password rather than the actual password.

Offer a service that can wipe clean a person's exposed information that has been breached.

I saw a breach on my email, I've strengthen the security, logout services and stuff.
I would like to opt out now. And come in a later date and see if have new breaches.

Because this way, I can rest that my new security changes are working, instead of doesn't matter if strengthen the security or not, I still see the breach result

make a deletion of these reports if you have seen it already....

Make it easier to trace in phone if someone is trying to pwned you by opening the App, then boom you know quickly already the updates about your account.

With the recent revelation of the 500K+ passwords that were scraped from Fortinet VPNs all over the world, it would be of incredible value to be able to check if several deployments were caught up in the breach (by checking a few usernames). Thanks for the great work!

Link all verified mediums that one can access to join or create a class-action lawsuit/claim related to a data breach.

With the new NIST guideline of 8 character minimum password length, it would be useful to have a database of only passwords 8 characters or longer. My assumption is that this would reduce the size of the database significantly.

We should be told if a hacker can still access our email or paste it. We should be told that once we receive our results,

Question: Can a Subsequently Deleted EMail Address be accurately confirmed via HIBP, if the EMail Address was confirmed Registered (via EMail Link) PRIOR TO Deleting the E-Mail Address ? Thank You.