General
121 results found
-
Permit multiple addresses to be searched at one time
Allow multiple email addresses from different (or same) domains to be searched at one time. I have multiple email addresses myself and manage email addresses for various other activities e.g. supporting my elderly mother and charitable work.
5 votes -
Ignore pastes over two years old
Ignore pastes that are, I suggest, more than two years old if the email address hasn't been pwned in that time, as it's highly unlikely to become pwned after that time. Leaving it in for a pwned account gives a clue to the source of becoming pwned.
5 votes -
Developer mailing list to notify of API changes
As a developer & maintainer of a HIBP package / library, keeping it up to date currently requires constantly checking the API documentation in its entirety to discover any changes. This isn't always obvious and inefficient.
I would like to see either a mailing list that developers can subscribe to, or some other kind of notification (at minimum, at least a public changelog that can be read, but preferably something that would alert to the fact that changes have been made) that can be easily parsed to determine:
- If there have been any changes to the API
- What those changes…
4 votes -
Offer an option to inform where you have been compromised
Offer an option to inform where you have been compromised - Chemist Direct login and password details exposed via email. These were correct.
4 votes -
Fix captcha puzzle for IE11 users
Currently the buttons at the bottom of the "check all images that have XXX" popup don't work on IE11. Can't Verify, refresh, get help, etc. Makes notifications impossible if the puzzle appears.
4 votes -
Add Telegram Bot
Add an official Telegram Bot to receive updates directly from Telegram about phone numbers (actually not present) and emails that are leaked.
4 votes -
Differentiate hashed and plaintext passwords in the data classes
Split the "Passwords" data class into "Hashed Passwords" and "Plaintext Passwords", or simply add the new types. This would allow for different actions to be taken based on the breach data. I think the plaintext identifier would be more important as a flag, and it should be used to also signify easily resolved hashes. (Maybe Passwords is the current hashed/encrypted/plain, and Plaintext is when text has been recovered)
4 votes -
Indicate which data classes were compromised for each record in a breach
So yeah, when testing an email address, it should be made clear in the returned results whether the full data (name, physical address, email) or only the email address was leaked.
This is important because the ledger hack is more serious than many others to the security of those leaked.
4 votes -
Google Analytics?
I'm a European Data Privacy Officer and in my applications I don't allow any tracking cookies. Can you prove a - maybe paid - service without Google Analytics?
Thanks
Bernd
4 votes -
Implement test API Key for automated domain search tests
I've created a little Python tool that queries the hibp domain search for verified domains and breaches related to aliases of this domain. It then saves them to a csv-file.
Link to the project: https://github.com/security-companion/hibp-harvester
In order for better quality I would like to add automated testing via GitHub Actions. So my question is if you could provide a test-API key that has some domains subscribed with some breaches in the aliases so that I could query these and by this make sure code is still good when I change something.
For creating the tool I made a subscription and…
4 votes -
Discord data breach
This has been breached around Oct 3.
4 votes -
Anonymous statistics about the collected data
Just to satisfy our hunger for data and curiosity about lists of all kinds of things, it would be interesting if the massive amount of data HIBP was processed to produce new data. It doesn't need to be searchable like Shodan's or GreyNoise's (while this would be amazing we don't need to think too much to understand the implied risks) and should not disclose sensitive information, but even with this limitation in the way it would be presented to the public (and keeping in mind the growing adoption of GDPR and similar regulations around the world), there are several processing…
4 votes -
An account system
(request 1/2) I feel like it would be nice to rather than ask for updates through all of your emails, it would be nice to group all your emails together into an account and have them all send to an email of your choice
3 votes -
Add % of p0wn count already in DB as new field in API
E.g. https://twitter.com/haveibeenpwned/status/1180912324644888576 '87% of addresses were already in @haveibeenpwned'. In this case 87% of the 988k records were already in the DB. I can see the PwnCount, but not the % that was already in the DB, that's the attribute I'd like to be doing some querying on.
3 votes -
Whitelisting to filter out notification on addresses appearing in most notifications
For large companies monitoring their appearances in notifications there are public addresses (like (info|support|help|contact)@<domain>) which may mean a team receives notifications for most new breaches, but often for singular results of these 'public addresses' in breaches not of concern.
3 votes -
Different payment methods
Since credit card is not commonly used in some parts of the world, adding PayPal for example could create access for more companies.
3 votes -
Make an extension that checks if the website has got a data breach
Make an extension that tells a client that the current domain name has been recently breached by data miners and/or hackers, making sure the people searching are aware of the dangers that have occurred recently. As a side suggestion to this, tell the searcher that it is recommended for them to change their password.
3 votes -
Alert for physical address
Now Slickwraps has your address, notify the person.
(but how, how do you verify if a person owns the address? email and address in a past leak? (also could be abused))
3 votes -
Add basic correlation logic to compare newly found pastes against current breaches...
Some sort of fuzzy matching & correlation with already posted breaches to see if the paste is just another re-post of the data from another known breach.
One way to do this is look for emails that have the + syntax, which typically means that the user has created a somewhat unique email for a particular service, company, etc
3 votes -
Show me an example of the response that is received when a phone number is sent to the breachedaccounts api endpoint
I am working on an application - I am unable to find a number that was in a breach. Can you please provide me an example response when a phone number is queried to the breachedaccounts api. I just need to look at the structure and the keys
3 votes