Skip to content

General

229 results found

  1. Opt out till next breach

    I saw a breach on my email, I've strengthen the security, logout services and stuff.
    I would like to opt out now. And come in a later date and see if have new breaches.

    Because this way, I can rest that my new security changes are working, instead of doesn't matter if strengthen the security or not, I still see the breach result

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  2. 3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  3. Domain search

    I own several domains and I would like to check any email adress with that domain.
    Simply verify by sending confirmation request on a random email address with that domain e.g. h1ytsh4t uhh674@larshjorth.dk

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  4. Insert Breach's "Permalink"

    Can you please insert the breach's "Permalink" returned by the API?

    For example, include "Permalink" : "https://haveibeenpwned.com/PwnedWebsites#Adobe" similar to the existing key/value pair of "LogoPath".

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  5. Add a captcha

    Because people often use the same user and password combination on multiple sites. If you can search here if you have an account on multiple sites, others can too. If you can slow down automatic search, abusers can be scared away

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  6. 3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  7. Add as a FAQ how Pwned Passwords aligns with Google's new Safety Check

    Google now detects some email / password combo breaches. Google doesn't have any more detail on when / what / where. What might explain any difference w Pwned Passwords?

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  8. Domain Search Email Validation Not Working

    I'm not receiving emails while attempting to validate my ownership of a domain. We're using Office 365 and the email doesn't appear to be getting caught by the spam or phishing filters.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  9. Include leaked password

    You very kindly just sent me an email that my email address and unsalted password were included in the 2012 LinkedIn breach.

    I can't remember which password I was using in 2012, and hence don't know which other accounts need a password change. Could you send the leaked hash (or otherwise, depending on the breach) to the effected email?

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  10. search by hash to be EU GDPA laws compliant

    As a security company I would like to be able to search in your database on behalf of my clients for their employees emailadresses. The current laws in EU prohibit this unless HIBP signs a DPA - contract with my company OR we do not provide you with the emaildadress but just a hash. My company would even pay money for this.
    I know you already declined this a couple of times but so far nobody mentioned the aspect of law compliancy.
    THX for your work

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  11. HOSTINGER.COM HAD A DATA BREACH

    I’m not lying, I got an email from them. Here is the blog post about it:
    https://www.hostinger.com/blog/security-incident-what-you-need-to-know/

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  12. Feature that allows you to search for all the sites your email has been used to create a log in for

    I would like to know which websites I have created a username on with my email address so that I can access them and manage the passwords for them. at this time, I can only manage the ones I REMEMBER using my email to sign up with, but I know there are probably hundreds out there that I have created login credentials for because just about every site or out there requires you to create an account in order to use it.

    I want to protect those accounts BEFORE I know a breach has occurred so there are no surprises.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  13. 3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  14. Add Retry-After to Access-Control-Expose-Headers

    When hitting a 429 response, a cross-origin request does not have access to the Retry-After header.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  15. consider social security numbers?

    What potential is there to provide data on SSN that have been exposed in a breach? This seems much more borderline dangerous, but curious about of you've given any thought and the problems / possibilities you see.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  16. Remove password which is pwned on small and don't see in long time.

    First time i have check my password, it was not pwned.
    Second time, just after first time some days, it was pwned with "seen 1 time before".
    This is no problem until now, but when github start using your api to check password and force i give up my good password!
    So please remove password which "seen 1 time before", or at least make a feature that auto remove password from your database if it is not pwned or less pwned in long time.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  17. Cit0day - is it possible to include the site(s) whose lists an email appeared in?

    In the alert email for the Cit0day breach, the only information provided is that one's email appeared somewhere in the breach of the 23k websites. If it's possible, it could be helpful for users to be informed of which specific site(s) their credentials were listed under.

    I fully grant the larger point about encouraging the use of a password manager to mitigate the risk regardless. Thanks! :)

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)

    HIBP only matches an email address to a single “breach” (which is what the Cit0day collection is treated as) and doesn’t have a provision to add any additional data such as which file the email address appeared in.

  18. Catch all

    Implement support for catch all email addresses. I use a different mail address per website I register to. Its all on the same domain that is configured to support catch all e-mail. In theory I could use an UUID email adres per website.

    In order to proof you are the owner you could send a verification mail to a random mailadres for the given domain.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  19. improvements to domain search for bigger companies

    At thousands of employees, the usability of the domain search falls off a cliff. Here's some of the problems I'm seeing and what would improve my usecase significantly.

    problems:
    1) email and personal data leaks are a spam/phish/identity problem: password leaks are a direct attack liability
    2) company has been around for a decade, thousands of employees, list of leaks and affected users by any of the leaks is long and unwieldy
    3) constantly investigating users that are no longer active

    potential improvements:
    1) focus on password leaks as a higher level of leak than just email and/or personal data…

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)

    This really goes beyond the purpose of HIBP and starts to get into the internal triage processes of your organisation. The intention is to provide the data as I’ve been able to obtain it then the consumer works out what to do with it; which ones are serious (it differs by org), which addresses are still relevant (definitely not something I want to track), and what actions have been taken for an individual breach. APIs exist for you to handle this in conjunction with the domain search.

  20. Create or Develop an App for this website name as app name called "Have I Been pwned?/HIBP"

    Make it easier to trace in phone if someone is trying to pwned you by opening the App, then boom you know quickly already the updates about your account.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  • Don't see your idea?

General

Categories

Feedback and Knowledge Base