General
123 results found
-
Domain Search Spam Filtering or Sorting
After running a domain search there is some instances that you have a small number of "Addresses Excluding Spam" and a very high number of "All Breached Addresses".
It would be super useful to be able to sort by Spam or Excluding Spam Addresses.
Maybe a dropdown or a tickbox to be able to filter out the spam breached addresses.6 votes -
Ignore pastes over two years old
Ignore pastes that are I suggest more than two years old if the email address hasn't been pwned in that time as it's highly unlikely to become pwned after that time. Leaving it in for a pwned account gives a clue to the source of becoming pwned
5 votes -
Permit multiple addresses to be searched at one time
Allow multiple email addresses from different (or same) domains to be searched at one rime. I have multiple email addresses myself and manage email addresses for various other activities e.g. supporting my elderly mother and charitable work.
5 votes -
discord data breach
this have been breached around Oct 3
5 votes -
show an example of the phone number layout for Facebook data search
Like does it include dashes? spaces?
example: +1 954-123-4567 or +19541234567?5 votes -
Fix captcha puzzle for IE11 users
Currently the buttons at the bottom of the "check all images that have XXX" popup don't work on IE11. Can't Verify, refresh, get help, etc. Makes notifications impossible if the puzzle appears.
4 votes -
Implement test API Key for automated domain search tests
I've created a little python tool that queries the hibp domain search for verified domains and breaches related to aliases of this domain. It then saves them to a csv-file.
Link to the project: https://github.com/security-companion/hibp-harvester
In order for better quality I would like to add automated testing via github actions. So my question is if you could provide a test-API key that has some domains subscribed with some breaches in the aliases so that I could query these and by this make sure code is still good when I change something.
For creating the tool I made a subscription and…
4 votes -
Anonymous statistics about the collected data
Just to satisfy our hunger for data and curiosity about lists of all kinds of things, it would be interesting if the massive amount of data HIBP was processed to produce new data. It doesn't need to be searchable like Shodan's or GreyNoise's (while this would be amazing we don't need to think too much to understand the implied risks) and should not disclose sensitive information, but even with this limitation in the way it would be presented to the public (and keeping in mind the growing adoption of GDPR and similar regulations around the world), there are several processing…
4 votes -
Developer mailinglist to notify of API changes
As a developer & maintainer of a HIBP package / library, keeping it up to date currently requires constantly checking the API documentation in its entirety to discover any changes. This isn't always obvious and inefficient.
I would like to see either a mailing list that developers can subscribe to, or some other kind of notification (at minimal, at least a public changelog that can be read, but preferably something that would alert to the fact that changes have been made) that can be easily parsed to determine:
- If there have been any changes to the API
- What those changes…
4 votes -
Indicate which data classes were compromised for each record in a breach
So yeah, when testing an email-address, if should be made clear in the returned results whether the full data (name, physical address, email) or only the email-adress was leaked.
This is important because the ledger hack is more serious than many other to the security of those leaked.4 votes -
Google Analytics?
I'm a European Data Privacy Officer and in my applications I don't allow any tracking cookies. Can you prove a - maybe paid - service without Google Analytics?
Thanks
Bernd4 votes -
Vtenext Data Breach
I saw a recent suggestion regarding the inclusion of the Vtenext data breach that affected Dolomiti Energia and Sorgenia.
To assist you in validating and adding this breach, I believe I have located links on the dark web and a public breach tracking site that appear to host or reference the leaked data.
I recommend you investigate the following links:
- Dark Web Forum Post:
https://darkforums.st/member.php ?action=profile&uid= 7728>KaruHunters</a>
- Public Breach Tracking:
https://hackeralert.it/index.php ?page=entryDetails&id=130576
I hope this information is helpful in expediting the process of adding this significant breach to Have I Been Pwned? for the benefit of the affected Italian users.
4 votes -
Differentiate hashed and plaintext passwords in the data classes
Split the "Passwords" data class into "Hashed Passwords" and "Plaintext Passwords", or simply add the new types. This would allow for different actions to be taken based on the breach data. I think the plaintext identifier would be more important as a flag, and it should be used to also signify easily resolved hashes. (Maybe Passwords is the current hashed/encrypted/plain, and Plaintext is when text has been recovered)
4 votes -
Add Telegram Bot
Add a official Telegram Bot to receive updates directly from Telegram about phone numbers (actually not present) and emails that are leaked.
4 votes -
Offer an option to inform where you have been compromised
offer an option to inform where you have been compromised - Chemist Direct login and password details exposed via email. These were correct.
4 votes -
Alert for physical address
Now Slickwraps has your address, notify the person.
(but how, how do you verify if a person owns the address? email and address in a past leak? (also could be abused))
3 votes -
Request a company to be investigated for a breach
Although this was downvoted, I suspect some companies are not reporting their breaches or they do not know about them.
My most recent was EpicGames, which Have I been Pwnd (Password page) says my password has not been pwned. But it was pwned, and was used to access my Gmail, EpicGames and other sites.
I'm not sure what can be done - I think people like me can help collaborate in a way that can lead to discovering unreported breaches and whistle blow those companies to notify their users of breaches.
Why do I have to become a hacker to…
3 votes -
Notification when Notifications are disabled
We were just discussing how we noticed that notifications had suddenly been turned off without an admin’s knowledge. I think it would make sense, just as with passkey creation and deletion, to receive a notification when this email notification is disabled.
3 votes -
An account system
(request 1/2) I feel like it would be nice to rather than ask for updates through all of your emails, it would be nice to group all your emails together into an account and have them all send to an email of your choice
3 votes -
different Payment methods,
Since Creditcard is not commonly used in some parts of the world, adding PayPal for example could create Access for more Companies.
3 votes
- Don't see your idea?