Full email service for companies to help CISOs
I'm using Have I Been Pwned to find out unsealed email accounts and passwords for our company domain, and I'm very pleased with this service.
But to make life easier, I suggest the following service:
1) I sign in at Have I Been Pwned.
2) I type in and confirm all domains of my company.
3) I define a text to inform my users about a possible problem, that their passwords may be lost.
4) I accept the actual status of unsealed account information as the base line.
5) If new breaches of user accounts occur, Have I Been Pwned will automatically send an email with the predefined text to only the users with the new possible problem.
6) In addition Have I Been Pwned remembers this status to make sure that users will only be informed in the case of new credential losses.
This will make sure that all of my users will be informed automatically, but only for new breaches and not for old ones.
And if Have I Been Pwned sends the emails from a defined IP, I can mark these emails as proved for my users.
Being responsible for security in a large company, this will help me a lot, and therefore I would be happy to pay for this kind of service and would like to support this very good website and initiative.
Thanks, have a nice day, Dirk
Hi Dirk, thanks for taking the time to write this. I'm going to leave it open, but TBH I think it's highly unlikely this will be built, primarily because it makes HIBP responsible for communicating directly to people within an organisation. These comms are usually pretty carefully controlled by those who are responsible for infosec within the org. Let's see if it gets any further interest.