General
-
Split up breach listing page
This page:
https://haveibeenpwned.com/PwnedWebsites#Facebook
Is surprisingly difficult to browse on mobile, because it's so very long.
The anchor link doesn't seem to always take you to the right section, because of the page length, at least on mobile. On desktop, it works fine though.
3 votes -
Show me an example of the response that is received when a phone number is sent to the breachedaccounts api endpoint
I am working on an application - I am unable to find a number that was in a breach. Can you please provide me an example response when a phone number is queried to the breachedaccounts api. I just need to look at the structure and the keys
3 votes -
Change the DNS validation for domain search a bit
Right now, I've added a verification TXT record to my zone apex (root). This clutters a bit, as every other site also has their records there. I want to know if I can remove the record, but I couldn't find this in any docs.
If possible, move the record to a subdomain to avoid cluttering the zone apex. This could be a random subdomain to avoid any cases where a malicious user might control the delegation of a subdomain. Maybe the subdomain is the validation (like d234fghde34.mydomain.com with a TXT record saying "yes")
Alternatively, allow me to remove the record…
3 votes -
CURL script for documentation
The API call documentation is not clear. Can you guys just use CURL command line for documentation or Postman?
3 votes -
Different payment methods
Since credit cards are not commonly used in some parts of the world, adding PayPal, for example, could create access for more companies.
3 votes -
An account system
(request 1/2) I feel like it would be nice to rather than ask for updates through all of your emails, it would be nice to group all your emails together into an account and have them all send to an email of your choice
3 votes -
Notification when Notifications are disabled
We were just discussing how we noticed that notifications had suddenly been turned off without an admin’s knowledge. I think it would make sense, just as with passkey creation and deletion, to receive a notification when this email notification is disabled.
3 votes -
CSO need terms to be able to use HIBP in their company.
We have integrated the HIBP API in some of our security tools in our company in order to estimate the probability of one of our clients getting hacked if his email appears in many breaches.
We beta tested it, but our legal staff pointed out that we needed terms on the website to be able to use it, as the fact you only tell that you don't collect and store email that are searched (we do trust you but legal team don't work on trust :p) is not enough.
We got in touch with the French "national comity for IT liberty"…
2 votes -
Options to Recover Hacked accounts
I've been hacked on 3 personal computers, 1 Verizon phone and 2 burner phones almost immediately after activating them. It all happened at the same time. Then the burners 2 days in a row.
WTF is the point? Even my truck is hacked? Who hacks new phones so obviously with 0 information?
They hacked a 4th computer which is a corporate laptop for I'm a Fortune 500 company. "They got a little cocky with that one." Is anything available to recover several email accounts, photo galleries, apps, etc. that use the same email address?
They grouped photos and videos of…
2 votes -
user submission of phish mails that charge bitcoin ransom by putting old password in subject
I got yet another mail with the same template of putting one of my previously used passwords that have been potentially obtained from one or more breaches.
There has to be a secure process that HIBP can build for users if they can responsibly reset all the site logins where that password is used and maybe make HIBP aware that there are breaches from where these credentials are obtained and perhaps get a way to be alerted to. User may take a decision if they want to continue with the service that was breached, regardless of changing the password.
2 votes
I definitely don’t want to end up in a position where HIBP has the power to reset people’s passwords. If I’ve misunderstood and you’re talking about flagging potential breaches instead, vote for this idea: https://haveibeenpwned.uservoice.com/admin/v3/ideas/34782007/
-
Due diligence search on prospective service domains
Add the ability to search for historical breach information against a prospective service domain (Facebook, linkedin, firefly.ai) that may have been breached. This feature would be very handy as part of a due diligence operation prior to using that service
2 votes -
Add hover text to define "paste" and "paste accounts" on home page
I had to hunt around in About to learn what these were.
Thank you,
--Ben
2 votes -
For each of the download files, can you make available a sample file with 100 rows?
Instead of downloading the large file to see the file format, I would like to download a 100-row example. This would save bandwidth and allow someone to experiment with integrating the database into an app without having to download the very large example.
2 votes -
Alert when a new version of the file is uploaded
I would like to receive an alert when a new version of the file is uploaded
2 votes -
Add payment methods to allow payment by invoice / purchase order
Some businesses do not allow purchase by card
2 votes -
Provide an OpenAPI specification
When a user would like to leverage your API, having it advertised in the OpenAPI format makes it very easy to understand and leverage.
There are tools in development which allow the automatic generation of code based on this spec: https://github.com/OpenAPITools/openapi-generator
An example of a spec can be seen at https://developer.shodan.io/api. It can be written in json or yml. Here is an example of it in json: https://developer.shodan.io/api/openapi.json
It allows the creation of attractive interactive docs which can be used to execute the api directly.
It can be edited and validated in a number of ways
- online…
2 votes -
Include actual API name of breach...
Please include the actual API name of the breach next to the word 'Permalink' on your 'Who's Been Pwned' page so that it can be 'CTRL-F' searched on the page. It's not always exactly the same as the common name for the data leak.
2 votes -
Allow back button when going from domain back to list
When you are on this page: https://haveibeenpwned.com/Dashboard#Domains
And you click on a domain search icon, you cannot use the back button (or mouse back button) to go back.
Should be an easy fix by pushing the domain into part of the next page address into the URL history.
2 votes -
Navigation on Dashboard
On the Personal Dashboard, Overview tab, there's 2 boxes: Data Breaches and Pastes. Mousing over these boxes highlights them (they subtly change colour) but there's no action on clicking them. Wouldn't it be better if clicking these navigated to https://haveibeenpwned.com/Dashboard#Breaches and https://haveibeenpwned.com/Dashboard#StealerLogs respectively?
From a UX point of view that's what I was expecting to happen.
Similarly on Business Overview - I would expect Domains Monitored to navigate to https://haveibeenpwned.com/Dashboard#Domains
2 votes