General
111 results found
-
user submission of phish mails that charge bitcoin ransom by putting old password in subject
i got yet another mail with the same template of putting one of my previously used passwords that have been potentially obtained from one or more breaches.
there has to be a secure process that hibp can build for users if they can responsibly reset all the site logins where that password is used and maybe make hibp aware that there are breaches from where these credentials are obtained and perhaps get a way to be alerted to. user may take a decision if they want to continue with the service that was breached, regardless of changing the password.2 votesI definitely don’t want to end up in a position where HIBP has the power to reset people’s passwords. If I’ve misunderstood and you’re talking about flagging potential breaches instead, vote for this idea: https://haveibeenpwned.uservoice.com/admin/v3/ideas/34782007/
-
Due diligence search on prospective service domains
Add the ability to search for historical breach information against a prospective service domain (Facebook, linkedin, firefly.ai) that may have been breached. This feature would be very handy as part of a due diligence operation prior to using that service
2 votes -
Add hover text to define "paste" and "paste accounts" on home page
I had to hunt around in About to learn what these were.
Thank you,
--Ben2 votes -
For each of the download files, can you make available a sample file with 100 rows?
Instead of downloading the large file to see the file format, I would like to download a 100-row example. This would save bandwidth and allow someone to experiment with integrating the database into an app without having to download the very large example.
2 votes -
Alert when a new version of the file is uploaded
I would like to receive an alert when a new version of the file is uploaded
2 votes -
Include the affected email address in the API json structure as well.
Ingesting in Splunk becomes easier when the unique account is included in the API json data structure. Otherwise you cannot tell these individual disclosures apart.
1 vote -
Unable to generate new api key 21/08/19
Is there an issue with generating API keys right now? I'm unable to get a key receiving an error:
An error occurred while processing your request
The error has been logged and a notification sent.1 vote -
Increase contrast in the footer
In the footer, there is the text "A troyhunt.com project" and 3 icons underneath it. These are very hard to see, especially the text. Please increase their contrast with the background
1 vote -
Microsoft flow integration for a domain
An integration with Microsoft flows for a domain would be excellent. Something that would query the tenant for live or past emails in a domain and automatically notify the users about the breach.
1 vote -
Include an Industry field for every breach
The API for searching a breach should include what industry the breach is from, like Web, Government, Insurance, Financial, etc,.
1 vote -
Offer an option to inform where you have been compromised
offer an option to inform where you have been compromised - Chemist Direct login and password details exposed via email. These were correct.
1 vote -
1 vote
-
Free Developer Access to Paid API
I suggest dev access.
Either by access to fake data, or by minimum access, some results based on a rank.1 vote -
https://gitlab.com/ronaldoats/combos.vip-live.com
List of users and passwords 2,436,867 accounts
1 vote -
Table view for breach list
It would be nice to have an option to show the list of breaches for a particular e-mail address in table form with 1 row per breach and 1 column per piece of information involved (username, e-mail, name, dob, socio-economic, ssn, etc.) with maybe a score for how egregious the underlying issue was (plaintext/unsalted md5, etc.) and/or how sophisticated the attack was.
1 vote -
An API call that returns both paste and breach information for a given account
This may be related to rate limiting, but it would be nice if I didn't have to make two calls to get both the paste and breach information for an account.
1 vote -
Add date stamps to each breach listed on the home page
So visitor can quickly grasp how up-to-date your data is.
Thank you,
--Ben1 vote -
Internationalized domain name
Domain search verifying by email : domains with umlauts get not an email without any error message. Of course, if you convert domain name from IDN into ACE string before you enter it works.
1 vote -
Identifying Password Reuse Between Seperate Breaches
When an account is included in multiple breaches, identify if the leaked password is reused, or similar password used in individual breaches.
This would be interesting for individual accounts, but more useful when monitoring domains.
If an account is included within multiple breaches, but there is low/no password reuse/similarity then we can gain a level of comfort that the leaked credentials cannot be used further.
If however the account that is included in multiple breaches has used the same or similar password across those breaches we can prioritise taking action and changing passwords for non-breached systems.
1 vote -
Unsubscribing partial domain email breach notification with multiple domains
If you register an email notification for multiple domains, you are notified for all domains.
However, if at some point you no longer wish to be notified about one of the domains, it does not seem possible to unsubscribe from one of the domains only. (If you unsubscribe from both, and then re-subscribe to just 1 of the domains, it seems like your previous multi-domain account with the same email is reactivated, and multiple domain notifications are again emailed.)1 vote
- Don't see your idea?