Skip to content

General

← Customer feedback for Have I Been Pwned

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

64 results found

  1. API access: Recurring yearly payment

    This would help us alot as a company. Doing monthly bill mapping with a corporate creditcard is not working for us :-)

    This is coming soon! Announcement and details here: https://www.troyhunt.com/expanding-and-enhancing-the-have-i-been-pwned-api/

    385 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    42 comments  ·  Admin →

  2. Search by phone number

    It would be neat if you could test for pwned accounts searching by phone number. Some utility companies know my phone number but not my email.

    280 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    11 comments  ·  Admin →

  3. Add domain search capability to the API functions

    I've been subscribing to the alerts for breaches related to our corporate domain, which is fantastic, but now that we have Splunk in house, I was hoping to connect directly to the API from a forwarder.

    269 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    19 comments  ·  Admin →

  4. Create different pricing for different rate limits

    Right now there is a 1.5-second delay time b/w request, which is a long delay wait-time for us.
    Currently, we have to thread multiple API keys together to decrease the rate limit, though we'd rather only have to use one and pay a bit extra.
    It would be very helpful if we could pay extra to have a lower rate limit (e.g. think tiers for rate limits maybe?)

    This is coming soon! Announcement and details here: https://www.troyhunt.com/expanding-and-enhancing-the-have-i-been-pwned-api/

    119 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    10 comments  ·  Admin →

  5. Add a link to the site explaining what to do when you are a victim of data breach.

    My email address poped up as being part of a breach. What are the next steps?
    * void the respective accounts?
    * Just change the password?
    * Other options?

    It would be nice just to have a link to some mitigation actions for present and also for the future.

    Thanks for the effort put on this site

    97 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    6 comments  ·  Admin →

  6. Allow users to remove entries associated with their email address from the database

    Or give folks the option to hide their own results from the larger public. As currently configured, the site makes information that is otherwise only available on the darkweb (e.g., saliently, that you were an AdultFriendFinder user) readily accessible to anybody with an internet connection.

    This would only really make sense for pwned email addresses, since there would be no easy way to prove you are the owner of a given account otherwise.

    64 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    11 comments  ·  Admin →

  7. Instead of showing the top 10 the newest breaches should be displayed on the frontpage

    51 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    2 comments  ·  Admin →

  8. Add support for NTLM(MD4) hashes to enable Active Directory auditing

    I wanted to use the list to check existing Active Directory (AD) passwords against this wonderful HIBP list, but the problem is that neither the API nor the offline list support MD4 hashes (AKA NT one-way function or NTLM hash) that are stored in AD databases (together with salted SHA1 and MD5, which therefore cannot be precomputed).

    Would it please be possible to also add support for this (weaker) type of hashes? It would be great to have them available at least through the API and ideally also in a downloadable form.

    30 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    1 comment  ·  Admin →

  9. Add search passwords by a hash value

    Let users use pre-generated hash values to search. Yeah, I know you calculate hashes of typed passwords on a client side, but some people still prefer not to type their password on 3rd party sites.

    25 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    3 comments  ·  Admin →

  10. Include email address in email correspondance when registering

    I have registered several email addresses that I own and that results in a registration email and summary page for each one.

    It's not possible to see in the email body, or on the summary page, which email address they belong to. This is especially tricky with my Exchange inbox which has several email aliases.

    13 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    1 comment  ·  Admin →

  11. Enable a web hook for a callback when an account I'm monitoring is pwned

    At present, notifications can be set up for when an individual address is pwned or when an address on a domain someone is monitoring is pwned. This idea is to programatically enable calling an HTTP endpoint when this event occurs.

    The benefit of this idea is that developers can then implement their own logic which is automatically invoked when an event like this occurs. It's of most value to those monitoring domains where notifications are no a rare occurrence, particularly when we're talking about larger domains.

    12 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →

  12. Add breaches that may be hoaxes, but make it clear!

    Often there are "breaches" which turn out to be hoaxes. On the one hand, having only verified breaches in the system is important in terms of confidence in the data but on the other hand, people still want to know if their email address is circulating in a hoax breach.

    This feature would need to indicate that the breach has not been verified and may be a hoax. It's also important that it wouldn't just automatically appear in results returned by the API, rather it could be requested by passing a parameter to the API such as "IncludeUnverifiedBreaches=true" where the…

    9 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    completed  ·  1 comment  ·  Admin →

  13. Explicitly state the email address that the notification is referring to.

    If you're forwarding emails from a bunch of other addresses it can be awkward to work out which address is involved in the breach. Explicitly stating the email address in the notification would make this easier.

    8 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →

  14. Add more leak source

    Add more leak source :
    - https://twitter.com/pwnagemon
    - https://twitter.com/d2dedwad2

    6 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →

  15. Check if email is listed in stealer logs for my domain

    Currently the https://haveibeenpwned.com/API/v3#StealerLogsForEmail API can only be used with emails of our own domain.
    It would be useful to see if a user on our domain is listed in a stealer log for our domain.

    6 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    1 comment  ·  Admin →

  16. DOGEQUEST

    Please add the latest DOGEQUEST leak. The source code of the website contains all of the email addresses and such that were leaked. It is available via Archive.org's wayback machine, on line 53.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →

  17. Use javascript front-end that converts password to hash on client before sending across web

    To mitigate the risk of sending passwords as straight text over the web to your site, could you not have client-side javascript that converts the password to the SHA1 hash and send the hash to be checked?

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →

  18. Fix Table of Response Codes within API v3 Documentation

    Can you please insert the following into https://haveibeenpwned.com/API/v3#ResponseCodes
    - 503 "Service Unavailable" from https://haveibeenpwned.com/API/v3#RateLimiting
    - 401 "Unauthorized" from https://haveibeenpwned.com/API/v3#Authorisation

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →

  19. Opt-in / Change opt-out type

    It would be great to add opt-in / change opt-out type after user opted-out. For example, I started using 1password, so I would like to switch from "visible just to me" to "delete all previous breaches" so that I can get notification in 1password, resolve it and then "delete all breaches" again.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    1 comment  ·  Admin →

  20. Fix "Pwned Passwords" Two APIs Sentence in Documentation

    Please remove "It's also queryable via the following two APIs:" from https://haveibeenpwned.com/API/v3#PwnedPasswords please as the first API is deprecated?

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
← Previous 1 3 4
  • Don't see your idea?

General

Categories

Feedback and Knowledge Base

(thinking…)