Skip to content

I suggest you ...

← General

Indicate which data classes were compromised for each record in a breach

So yeah, when testing an email-address, if should be made clear in the returned results whether the full data (name, physical address, email) or only the email-adress was leaked.
This is important because the ledger hack is more serious than many other to the security of those leaked.

4 votes
Vote

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Lol Cat shared this idea  ·   ·  Report…  ·  Admin →
How important is this to you?

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • AdminTroy Hunt (CEO / Founder, Have I Been Pwned) commented  ·   ·  Report

    I've renamed this to be more generic. Ledger is one of nearly 500 incidents in HIBP with many of them having inconsistently complete data across individual records.

    The chances of this idea being implemented are very low: there's a *huge* amount of parsing overhead involved compared to the current model of simply running a regex over a file to extract email addresses. It also fundamentally changes the data structure as each email address now requires what's effectively a two-dimensional array of breaches and the fields exposed in each breach. That then also flows through to the UX with the need to represent that paradigm on the website, then to the API where the additional dimension also needs to be represented.

    In short: very high overhead and very unlikely to happen. best bet for now is to contact Ledger (or other breached service) and ask them directly what data was compromised for your account.

General

Categories

Feedback and Knowledge Base

(thinking…)