improvements to domain search for bigger companies
At thousands of employees, the usability of the domain search falls off a cliff. Here are some of the problems I'm seeing and what would improve my use case significantly.
problems:
1) email and personal data leaks are a spam/phish/identity problem; password leaks are a direct attack liability
2) the company has been around for a decade and has thousands of employees; the list of leaks, and of users affected by any of them, is long and unwieldy
3) constantly investigating users that are no longer active
potential improvements:
1) focus on password leaks as a higher level of leak than just email and/or personal data -- I'd love to be able to see just the emails on a domain affected by password leaks, ignoring the other kinds. Could expand this to "categories" of leaks and be able to turn off certain categories, to make it more generic
2) Be able to group by leak and see exposed emails in that leak -- especially since I open HIBP as a response to your notification that "X users have been exposed in leak Y" :D
3) When grouping by leak, show the details of that leak
4) Be able to mark emails as irrelevant... ideally have markers like "no longer an active address" and "this is not a person", but any kind of "this isn't a problem if it leaks" indicator would be awesome
5) Be able to mark breaches as "this has been fully processed and there are no further AIs on it" -- for instance, the affected users were asked to change their passwords, etc
Now, any kind of acting on behalf of the entire domain has implications... I'd suggest two parts to this:
1) DNS-based verification of who has the right to act on behalf of a domain -- only users approved via DNS can see these features, the rest see the reports as they currently are. No login/password system necessary or desired -- the current approach is perfectly fine
2) (stretch) an audit log of what was done on the domain
This entire thing could be a paid commercial feature, I'd be happy to advocate for it internally.
Thank you for an awesome service, even as is
This really goes beyond the purpose of HIBP and starts to get into the internal triage processes of your organisation. The intention is to provide the data as I’ve been able to obtain it, then the consumer works out what to do with it: which ones are serious (it differs by org), which addresses are still relevant (definitely not something I want to track), and what actions have been taken for an individual breach. APIs exist for you to handle this in conjunction with the domain search.
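The reply points at doing this triage on the consumer's side with the API. Here is an added example of what that looks like; it is not code from the original post or from HIBP. It assumes two response shapes: `GET /api/v3/breaches` returning a list of breach objects that carry `Name`, `Title`, `BreachDate` and `DataClasses`, and `GET /api/v3/breacheddomain/{domain}` returning a mapping of alias (the local part of the address) to the list of breach names it appears in. Both payloads below are constructed sample data, not real API output, and the alias/breach names are invented. Items 1, 2, 4 and 5 of the wishlist (password-leak filter, group by breach with details, ignored addresses, processed breaches) are implemented as plain local state and filters over those two payloads.

```python
"""Client-side triage of HIBP domain-search results.

Added example, not code from the original post or from HIBP. Assumed shapes:
  GET /api/v3/breaches            -> list of breach objects with "Name",
                                     "Title", "BreachDate", "DataClasses", ...
  GET /api/v3/breacheddomain/{d}  -> {alias: [breach Name, ...], ...}
Everything below is constructed sample data standing in for those responses.
"""
from collections import defaultdict

# Constructed stand-in for GET /api/v3/breaches (only the fields used here).
BREACHES = [
    {"Name": "ExampleForum", "Title": "Example Forum", "BreachDate": "2019-05-02",
     "DataClasses": ["Email addresses", "Passwords", "Usernames"]},
    {"Name": "ExampleNewsletter", "Title": "Example Newsletter", "BreachDate": "2021-11-17",
     "DataClasses": ["Email addresses", "Names"]},
    {"Name": "ExampleStore", "Title": "Example Store", "BreachDate": "2022-08-30",
     "DataClasses": ["Email addresses", "Passwords", "Phone numbers", "Physical addresses"]},
]

# Constructed stand-in for GET /api/v3/breacheddomain/example.com.
DOMAIN_RESULT = {
    "alice": ["ExampleForum", "ExampleNewsletter"],
    "bob": ["ExampleNewsletter"],
    "carol": ["ExampleStore", "ExampleForum"],
    "noreply": ["ExampleStore"],   # a system mailbox, not a person
    "dave": ["ExampleStore"],      # left the company, address no longer active
}

# Local triage state the wishlist asks HIBP to hold; kept on our side instead.
IGNORED_ALIASES = {"noreply": "this is not a person",
                   "dave": "no longer an active address"}
PROCESSED_BREACHES = {"ExampleForum"}   # affected users already rotated passwords


def breaches_by_name(breaches):
    """Index the breach list by Name for cheap lookups."""
    return {b["Name"]: b for b in breaches}


def filter_by_data_class(domain_result, breaches, required="Passwords"):
    """Keep only (alias, breach) pairs where the breach exposed `required`.

    Aliases left with no matching breaches are dropped entirely, so the
    result is 'addresses on the domain hit by password leaks only'.
    """
    index = breaches_by_name(breaches)
    out = {}
    for alias, names in domain_result.items():
        keep = [n for n in names
                if required in index.get(n, {}).get("DataClasses", [])]
        if keep:
            out[alias] = keep
    return out


def drop_ignored(domain_result, ignored):
    """Remove aliases marked locally as 'not a problem if it leaks'."""
    return {a: n for a, n in domain_result.items() if a not in ignored}


def group_by_breach(domain_result, breaches, processed=frozenset()):
    """Invert alias->breaches into breach->aliases, attaching breach details
    and skipping breaches already marked as fully processed."""
    index = breaches_by_name(breaches)
    grouped = defaultdict(list)
    for alias, names in domain_result.items():
        for n in names:
            if n not in processed:
                grouped[n].append(alias)
    return {
        n: {"title": index.get(n, {}).get("Title", n),
            "date": index.get(n, {}).get("BreachDate", "?"),
            "aliases": sorted(aliases)}
        for n, aliases in grouped.items()
    }


def open_password_exposures(domain_result=DOMAIN_RESULT, breaches=BREACHES,
                            ignored=IGNORED_ALIASES, processed=PROCESSED_BREACHES):
    """Full pipeline: password leaks only, minus ignored aliases, grouped by
    breach, minus breaches already fully processed. What is left is the
    actual work queue."""
    pw_only = filter_by_data_class(domain_result, breaches, "Passwords")
    relevant = drop_ignored(pw_only, ignored)
    return group_by_breach(relevant, breaches, processed)


if __name__ == "__main__":
    for name, info in open_password_exposures().items():
        print(f"{info['title']} ({info['date']}): {', '.join(info['aliases'])}")
```

On the sample data only `ExampleStore` survives, with `carol` as the single open exposure: `bob` drops out because his only breach had no passwords, `noreply` and `dave` are ignored by local policy, and `ExampleForum` is already processed. Swapping the two constants for real API responses (the domain must be verified and the call needs an `hibp-api-key` header) turns this into the "fully processed" and "irrelevant address" bookkeeping the original post asks for, without HIBP tracking any of it.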