General
114 results found
-
Unsubscribing partial domain email breach notification with multiple domains
If you register an email notification for multiple domains, you are notified for all domains.
However, if at some point you no longer wish to be notified about one of the domains, it does not seem possible to unsubscribe from one of the domains only. (If you unsubscribe from both, and then re-subscribe to just 1 of the domains, it seems like your previous multi-domain account with the same email is reactivated, and multiple domain notifications are again emailed.)1 vote -
1 vote
-
Stop address reuse. Set up a btcpayserver for bitcoin donations instead
I love your site. But for someone giving advice to not reuse passwords, its ironical that you have a static bitcoin address for donations. (FYI: I already donated, and I'll gladly do it again. This is just a tip)
"Address reuse" in bitcoin is problematic as it ties together funds in a way that reduces privacy and security for all involved parties.
Rather, each transaction should always be made to its own address. All modern wallets support this concept. Check out https://btcpayserver.org/ for a free, self-hosted, open source payment processor that is aligned with Bitcoin's (and your own) values of…
1 vote -
Add metadata to describe how password is stored
People should have awareness about proper security of websites
Original title: List websites that do not hash passwords, but rather encrypt or store plain text such as einforma.com edpnet.be
1 vote -
correct PW info ?
I checked my new long & unique 13 character PW.. got the response of Not Pwned... but also: 'Oh NO this PW has been seen before in a breach'... so which is it?
I made up 2 more long & unique PWs to test this and still got the same results. How can a previously non-existent just-made-up PW show in a breach !
I truly appreciate the work your site does, but how can a PW be both safe and compromised at the same time !1 vote -
Support for more verification options on unicode domains
I own an emoji unicode domain, https://⚪🐯.ws. While I can start the verification process, I'm not able to complete verification via email as every email is considered disallowed. DNS TXT verification results in "Catastrophic failure!" (500), as does meta tag validation. File upload results in "No response from domain".
Interestingly, converting it to Punycode (https://xn--f8h8099n.ws) also doesn't work.
Edit: Apologies, the TXT record method works when the domain is converted to unicode. I don't believe anything else does though!
1 vote -
Add test emails with recent breaches.
https://haveibeenpwned.com/API/v3 documentation lists test emails but they have old breaches.
1 vote -
I don't know how to 'search sensitive breaches'. I am subscribed. I'm talking about the option listed underneath search results
So, 1- I got a notification from MyIDCare recently about a breach found Dec 16, 2023. Usually I get a 'pwned' notice as well, but this time I didn't. Just fyi.
2- When I searched my email pwned gave me the results, and underneath there was an option to 'subscribe to search sensitive breaches'. I am subscribed. I looked around for a search breaches option, but I don't see anything. I assume this is a different function that the main 'search my email' function on the home page. Because you don't need to be subscribed to do that. I assumed…
1 vote -
Provide an OpenAPI specification
When a user would like to leverage your API having it advertised in the OpenAPI format make it very easy to understand and leverage.
There are tool in development which allow the automatic generation of a code based on this spec: https://github.com/OpenAPITools/openapi-generator
An example of a spec can be seen at https://developer.shodan.io/api. It can be written in json or yml. Here is an example of it in json: https://developer.shodan.io/api/openapi.json
It allows the creation of attractive interactive docs which can be used to execute the api directly.
It can be edited and validated in a number of ways
- online…1 vote -
Add a "Notes" Column
Add a editable "Notes" column to the Successfully verified domains table.
For example, we'd like to add a Client description. This is so that when they need to be removed from HIBP Portal. We can ensure we remove all domains related. Without this, the portal becomes difficult to manage large amounts of clients.
It would be nice to see a "domain date added" column too.1 vote -
have a way to search a company and see if there is a data breach also even if there isnt a current one maybe the history with said company
have a way to search a company and see if there is a data breach also even if there isnt a current one maybe the history with said company
1 vote -
Permit multiple addresses to be searched at one time
Allow multiple email addresses from different (or same) domains to be searched at one rime. I have multiple email addresses myself and manage email addresses for various other activities e.g. supporting my elderly mother and charitable work.
1 vote -
Include actual API name of breach...
Please include the actual API name of the breach next to the word 'Permalink' on your 'Who's Been Pwned' page so that it can be 'CTRL-F' searched on the page. It's not always exactly the same as the common name for the data leak.
1 vote -
An account system
(request 1/2) I feel like it would be nice to rather than ask for updates through all of your emails, it would be nice to group all your emails together into an account and have them all send to an email of your choice
0 votes
- Don't see your idea?