Skip to content

General

230 results found

  1. I dont understand what to do

    Everyone is very excited about this site. But honestly I am confused. I've received a message about my primary email address many times. But there's absolutely no action I can take based on that. Yes, good password hygene, yes, dont reuse passwords. But that's generic advice that I get without needing to be notified. What is the increment of information I get by receiving your email? I think that there is none. Can you help me understand your value?

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
  2. send part of password hash per mail

    since we have the recommendation of 'never entering a password on a website, unless it's the password field of the according website', i'd suggest to build an send by mail request form.

    if you enter your email, you can choose to get those first 5 chars of all pwned password hashes to the entered email.
    with this, you ensure, that only the pwned email addresses get their pwnge data... (which ofc won't help if the mail account itself has already been hijacked)

    this would help greatly, to check wich password may be leaked and need a change.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  3. I want to use my own Password-Creation

    Hello!

    I lerned only two years English 1965 til 1967
    (Ich lernte nur zwei Jahre englisch von 1965 bis 1967).

    Please translate 'pwned' in German - I cannot find in Google a german Word foŕ it (Bitte übersetzen Sie 'pwned' in deutsch - Bei Google finde ich keine Übersetzung für 'pwned').

    Normally I use 'Startpage' instead of 'Google' (Normalerweise benutze ich 'Startpage' statt Google).

    Thank You - Yours faithfully
    Gerd Taddicken - Germany

    TSA15Jan19, 18.34 h (UTC minus 1 hour?)

    +++

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  4. I want to use my own Password-Creation 2

    I want to use my own Password-Creation (II) without your service 'Free for 30 days'.

    Thank you
    Gerd Taddicken

    Deutsch: Ich möchte mein eigenes Passwort kreieren, generieren ohne ihr System ,30 Tage frei für das Passwort-System'.

    TSA25Jan19, 18.38 h - Local time Germany)

    +++

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  5. Add searching by username

    If leaks contain usernames and passwords, wouldn't it be important to be able to find out if one of your usernames has been compromised? Or do emails always accompany the passwords?

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Assuming you mean usernames that are user-chosen strings as opposed to email addresses, this functionality existed in HIBP for a while but was later deprecated. Usernames in this form are not uniquely identifiable, often don’t exist at all (email addresses are used instead) and most importantly, can’t easily be parsed out of a large dump with a regex like email addresses can be. So in summary, low value and high effort.

  6. More Info Needed

    A community board for questions.
    I'd like to know how my email was caught up in a breach on a website I never went to.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  7. Allow User Submissions

    Please allow users to submit pwnd passwords.

    I just had Google notify me that someone tried to log in with my password from Java Indonesia, yet this password is not in the pwnd password list.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  8. 1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  9. Can I have my account show up normally- like no breaches found, since I opted out accidentally

    Can I have my account show up normally- like no breaches found, since I opted out accidentally ?

    I am not sure where to post this but I want it like that

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  10. api call

    Hi i want to ask about API,

    i try to call the API via $.ajax and send the hibp-api-key by header, i checked the hibp-api-key at RequestHeader and its correct
    and i get this message in the console
    readyState":0,"status":0,"statusText":"NetworkError: Failed to execute 'send' on 'XMLHttpRequest': Failed to load

    can you help me?

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  11. Normalize all searches to lower case

    I sometimes capitalize portions of my email address.
    After checking the same email address twice - one time all lower case and another using some upper case - I got different results!

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  12. Drop support for weak cipher suites

    The Qualys SSL Server Test shows that haveibeenpwned.com supports weak cipher suites for TLS 1.2. Please drop support for these to make haveibeenpwned.com even more secure.
    https://www.ssllabs.com/ssltest/analyze.html?d=haveibeenpwned.com

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  13. Use certificates that specify OCSP Must-Staple

    The Qualys SSL Server Test shows that haveibeenpwned.com uses certificates that do not specify OCSP Must-Staple. When you replace these certificates near their expiry date, please get certificates that specify OCSP Must-Staple. Scott Helme has a good article on why OCSP Must-Staple is important.

    https://www.ssllabs.com/ssltest/analyze.html?d=haveibeenpwned.com
    https://scotthelme.co.uk/ocsp-must-staple/

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  14. Question: Does HIBP check user ids as well as email address?

    Some websites use userids instead of email addresses. Are userids checked the same as email addresses?

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  15. 1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  16. 1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  17. How to opt-in again after opting-out? Please read :)

    I have opt-out by removing my email addr from public search.

    I thought by using an API key to search for my own email, I am able to retrieve my own breaches, but it was a 404.

    How do I opt-in again or at least allow email address owners to search for their own breaches?

    I think the language is not very clear on the opt-out page, thus leading to me buying the API key for nothing. I wasted $3.50

    It says "You can still search your own address using the notification service that ensures you control the address before…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin →

    UserVoice is for suggesting new ideas so I’m marking this as “declined”.

    Your address will only still be searchable by yourself if you choose the first option that simply removes it from public visibility. If you choose either the 2nd or 3rd option, the data is permanently deleted and no longer searchable by any means.

  18. Fix the opt-out.

    I was able to opt out public searches on 1 of 2 accounts. The second one I went through the steps and it now tells me I have opted out, however I am still able to look up the second email.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  19. Update with the Zoom data breach

    Add the people whose account details were made available after using Zoom

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
  20. question here... are non-user data not exposed?

    what I want to ask is that... when those mailicious people gain access to a database, do they just go for emails and passwords? I am sure there are other data such as creation dates, private messages, ssn, interests and more, are these exposed as well? do the mailicious people strip out these info before posting online?

    why your site and other similar sites not have data classes for these other info?

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  • Don't see your idea?

General

Categories

Feedback and Knowledge Base