General

  1. Offer an option to inform where you have been compromised

    offer an option to inform where you have been compromised - Chemist Direct login and password details exposed via email. These were correct.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  2. Include an Industry field for every breach

    The API for searching a breach should include what industry the breach is from, like Web, Government, Insurance, Financial, etc,.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  3. Prevent the pwned passwords page from mirroring hashes to Azure App Insights

    Currently when I submit a password to HIBP it sends two requests. One to https://api.pwnedpasswords.com/range/<hash> and another to https://dc.services.visualstudio.com/v2/track with a copy of the hash:
    [
    {
    "data": {
    "baseData": {
    "data": "GET https://api.pwnedpasswords.com/range/<hash>",
    "duration": "00:00:00.100",
    "id": "|<id>.<id>",
    "name": "GET /range/<hash>",
    "resultCode": "200",
    "success": true,
    "target": "api.pwnedpasswords.com",
    "type": "Ajax",
    "ver": 2
    },
    "baseType": "RemoteDependencyData"
    },
    "iKey": "<id>",
    "name": "Microsoft.ApplicationInsights.<id>.RemoteDependency",
    "tags": {
    "ai.device.id": "browser",
    "ai.device.type": "Browser",
    "ai.internal.sdkVersion": "javascript:1.0.21",
    "ai.operation.id": "HdzCf",
    "ai.operation.name": "/Passwords",
    "ai.session.id": "<id>",
    "ai.user.id": "<id>"
    },
    "time": "2021-06-10T04:27:35.000Z"
    }
    ]

    Is it really necessary to send hashes to this many parties?

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  4. https://gitlab.com/ronaldoats/combos.vip-live.com

    List of users and passwords 2,436,867 accounts

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  5. Add metadata to describe how password is stored

    People should have awareness about proper security of websites

    Original title: List websites that do not hash passwords, but rather encrypt or store plain text such as einforma.com edpnet.be

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  6. correct PW info ?

    I checked my new long & unique 13 character PW.. got the response of Not Pwned... but also: 'Oh NO this PW has been seen before in a breach'... so which is it?
    I made up 2 more long & unique PWs to test this and still got the same results. How can a previously non-existent just-made-up PW show in a breach !
    I truly appreciate the work your site does, but how can a PW be both safe and compromised at the same time !

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  7. Microsoft flow integration for a domain

    An integration with Microsoft flows for a domain would be excellent. Something that would query the tenant for live or past emails in a domain and automatically notify the users about the breach.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  8. Free Developer Access to Paid API

    I suggest dev access.
    Either by access to fake data, or by minimum access, some results based on a rank.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  9. An API call that returns both paste and breach information for a given account

    This may be related to rate limiting, but it would be nice if I didn't have to make two calls to get both the paste and breach information for an account.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  10. 1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  11. Increase contrast in the footer

    In the footer, there is the text "A troyhunt.com project" and 3 icons underneath it. These are very hard to see, especially the text. Please increase their contrast with the background

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  12. Include the affected email address in the API json structure as well.

    Ingesting in Splunk becomes easier when the unique account is included in the API json data structure. Otherwise you cannot tell these individual disclosures apart.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  13. Unsubscribing partial domain email breach notification with multiple domains

    If you register an email notification for multiple domains, you are notified for all domains.
    However, if at some point you no longer wish to be notified about one of the domains, it does not seem possible to unsubscribe from one of the domains only. (If you unsubscribe from both, and then re-subscribe to just 1 of the domains, it seems like your previous multi-domain account with the same email is reactivated, and multiple domain notifications are again emailed.)

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  14. Table view for breach list

    It would be nice to have an option to show the list of breaches for a particular e-mail address in table form with 1 row per breach and 1 column per piece of information involved (username, e-mail, name, dob, socio-economic, ssn, etc.) with maybe a score for how egregious the underlying issue was (plaintext/unsalted md5, etc.) and/or how sophisticated the attack was.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  15. Identifying Password Reuse Between Seperate Breaches

    When an account is included in multiple breaches, identify if the leaked password is reused, or similar password used in individual breaches.

    This would be interesting for individual accounts, but more useful when monitoring domains.

    If an account is included within multiple breaches, but there is low/no password reuse/similarity then we can gain a level of comfort that the leaked credentials cannot be used further.

    If however the account that is included in multiple breaches has used the same or similar password across those breaches we can prioritise taking action and changing passwords for non-breached systems.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  16. Internationalized domain name

    Domain search verifying by email : domains with umlauts get not an email without any error message. Of course, if you convert domain name from IDN into ACE string before you enter it works.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  17. Google Analytics?

    I'm a European Data Privacy Officer and in my applications I don't allow any tracking cookies. Can you prove a - maybe paid - service without Google Analytics?
    Thanks
    Bernd

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  18. Due diligence search on prospective service domains

    Add the ability to search for historical breach information against a prospective service domain (Facebook, linkedin, firefly.ai) that may have been breached. This feature would be very handy as part of a due diligence operation prior to using that service

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  19. Add date stamps to each breach listed on the home page

    So visitor can quickly grasp how up-to-date your data is.
    Thank you,
    --Ben

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  20. Unable to generate new api key 21/08/19

    Is there an issue with generating API keys right now? I'm unable to get a key receiving an error:
    An error occurred while processing your request
    The error has been logged and a notification sent.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
1 2 3 5 Next →
  • Don't see your idea?

General

Categories

Feedback and Knowledge Base