Add SSH leaked keys
We believe the future of credentials checking goes beyond just password, and integrating SSH key checking would add lots of value to www.haveibeenwned.com.
SSH keys are also sensitive credentials that are increasingly exploited by attackers in our research findings. We are willing to share our up-to-date SSH leaked key database with www.haveibeenwned.com.
Archit Patke commented
That's a good suggestion. We definitely need a public database of leaked SSH keys.
Haoran Qiu commented
Great idea! Sensitive credentials like SSH keys should be taken good care of.
Jack Cui commented
Agreed. Leaked keys are an essential issue that would lead to trenmendous loss for companies or enterprises if not discovered in time.
This is a very timely idea. Today, an exposed SSH public key in Fortinet SIEM allows admin access to the security events system -- referred as CVE-2019-17659.