General

  1. ... make it easy to see what data are associated with a breach for a given account.

    The mere fact of a breach means very little if the associated website or other details are not findable. (I have to admit I have no idea whether the API addresses this, but I have no idea how to use it anyway.)
    HPI gives heaps of info: Affected Service, Date, Verified, Password, First and last name, Date of birth, Address, Telephone number, Credit card, Bank account details, Social security number, IP Address.
    Am I missing something?
    This should be emailable to the account holder in the same way, I would have thought.

    1 vote
    12 comments

    There are two important comments on this:

    Firstly, HIBP describes the data classes that were exposed. If it says “email addresses and phone numbers”, for example, then your email address and phone number were almost certainly in the breach. The vast majority of the time, this is the data you gave the website.

    More importantly though – and the reason for closing this as “declined” – is that it’s just too great a risk to store this information. Often the data is extremely personal and it was also often improperly secured in the first place. For example, plain text passwords, something I would never consider storing in my system.

    So in short, the risks are too great and the benefits are minor given it’s data you’ve normally already provided yourself anyway.

  2. Why are the Yahoo and Target breaches not listed?

    Why are the Target and Yahoo breaches not listed?

    1 vote
    1 comment
  3. Provide a way for me to see the password data or other data associated with my email. Since I use unique passwords, the source is known.

    Provide a way for me to find the password data or other data associated with my email. Since I use unique passwords, the source is known. I have no idea if there is valid data in Exploit.In or Anti Public Combo unless I have some more information. You may not want to host the data, but someone is doing it. I have concern over some of those sources. Knowing the password or hash would make it possible to identify the source of the problem.

    1 vote
    declined  ·  1 comment
  4. Can we have an option to add an email address in verification

    It provides predefined email addresses. Can a previously verified user add another user's email for verification? Also, the verification process does not provide details on whether the email was sent successfully (in my case it says successful, but I am not receiving the verification email).

    1 vote
    3 comments
  5. How to check if someone with complete access to my company server and all email IDs has been stealing information?

    I've recently found out that my IT person from my company has been stealing information from us. He has complete access to its domain and server. Do you have any advice on how I can see what kind of information he has taken?
    If you have any recommendations on how to find the information on his personal email IDs, that would be very helpful. Thanks.

    1 vote
    0 comments
  6. Recover latest pastes RSS feed

    The latest pastes RSS feed is empty

    1 vote
    0 comments
  7. What is this? Someone help me

    Oh no — pwned!
    Pwned on 4 breached sites and found 1 paste (subscribe to search sensitive breaches)

    1 vote
    0 comments
  8. Provide solutions

    Provide Solutions on "How To" reverse the process of compromised email address and passwords.

    1 vote
    0 comments
  9. Only distribute unique SHA1 values

    The files version 1, update 1 and update 2 contain 320,335,236 SHA1 values, but only 320,294,464 are unique; the difference is 40,772 values.

    1 vote
    0 comments
  10. www.socialengineforum.com (1 Jan '01): http://www.socialengineforum.com/dump.sql

    The listed date, "(1 Jan '01)", is, shall we say, an out-of-bounds error. The site didn't exist that long ago!

    1 vote
    1 comment
  11. Removing Cloudflare on API

    Cloudflare antibot on your API doesn't make any sense. I have a Python Discord bot with your API implemented, and because of Cloudflare I can't use the API anymore, and I have quite a few users who use the function.

    1 vote
    4 comments

    Cloudflare is absolutely essential for protecting the API from abuse. The only time it should get in the way of legitimate use is if you consistently exceed the rate limit and cause a 24 hour JavaScript challenge to be implemented against the offending IP address.

  12. 1 vote
    0 comments
  13. To use hashed email address as part of the query instead of HTML encoded

    I don't know if this is already available, but I feel it will be a better idea.

    1 vote
    0 comments
  14. Not very smart features

    I've changed my password but my mail remains in the list. When my account will be "pwned" again, I will not know about it.

    1 vote
    0 comments
  15. Explain in the FAQ why a mail address (mine!) appears as hacked in your tool, but the associated password is not listed as hacked?

    Does it mean that the e-mail address was hacked, but that the associated password was not decrypted? If not, why is the password not found in your database? Thanks.

    1 vote
    1 comment
  16. Bring back sorted hashes

    I used to look up password hashes by a binary search in the sorted password list (iterating over the initial database and the 2 updates).

    With the new database 2.0 this is no longer possible (unless I sort the downloaded hashes).

    Please bring back the sorted hashes.

    I do not care for the counts that have been added - perhaps another file with sorted hashes and without counts (to somewhat reduce the file size) could be offered for download?

    1 vote
    2 comments
  17. What is LogoType?

    Can you describe what the intended use of the LogoType field in the Breach object is? I can't find anything in the API docs that describes the field. I know what SVG and JPG are, but to what do they refer? Do you have (or plan to have) an API that will return a logo for the name of a breach? I can see from the source of your web pages that you have that data in the content folder

    1 vote
    0 comments
  18. 1 vote
    0 comments
  19. 1 vote
    3 comments
  20. Mark ArmorGames as confirmed pwned

    I use a unique email address per subscriber, and I suddenly started receiving spam on the email I used to sign up for ArmorGames.

    They are not trustworthy. -- This is not an idea, but I saw that you have listed them as unconfirmed; I can confirm my data was leaked from their site. --

    1 vote
    0 comments