Provide database dump for hashes of email address for offline download
This can be very useful for companies to verify if their users (non-staff) are affected by any breaches and inform them not to share passwords for different systems. I'm residing in the EU; GDPR doesn't allow us to send email to your API to check if a particular email address appears in any breach.
This would enable anyone to download everyone’s data. Hashes may be cracked which would allow for mass enumeration of emails in a breach. There is no provision in GDPR which prohibits an EU data subject from searching for their email address via the online service.
Alex Gates commented
For someone who is residing outside the EU, where the GDPR norm is not applicable, are they eligible to get such a dump of emails, passwords, and certain personal information?