General
116 results found
- Discord data breach
  This has been breached around Oct 3.
  1 vote
- Vtenext Data Breach
  I saw a recent suggestion regarding the inclusion of the Vtenext data breach that affected Dolomiti Energia and Sorgenia. To assist you in validating and adding this breach, I believe I have located links on the dark web and a public breach tracking site that appear to host or reference the leaked data. I recommend you investigate the following links:
  - Dark Web Forum Post: https://darkforums.st/member.php?action=profile&uid=7728 (KaruHunters)
  - Public Breach Tracking: https://hackeralert.it/index.php?page=entryDetails&id=130576

  I hope this information is helpful in expediting the process of adding this significant breach to Have I Been Pwned? for the benefit of the affected Italian users.
  2 votes
- Allow back button when going from domain back to list
  When you are on this page: https://haveibeenpwned.com/Dashboard#Domains and you click on a domain search icon, you cannot use the back button (or mouse back button) to go back. Should be an easy fix by pushing the domain into part of the next page address into the URL history.
  1 vote
- CNAME records for domain verification
  It would be nice if you could allow for using CNAME records for domain verification. Example:

      hibp_s8stqti7w56477ulmvzid31k IN CNAME verify.haveibeenpwned.com

  This way we can avoid polluting our domain apex with even more TXT records.
  1 vote
- Provide an API endpoint for domain verification
  Currently, to verify a domain for domain searches, it must be done manually via a web interface. It would be extremely useful for use cases such as web hosting services/MSPs to be able to verify domains via an API so DNS verification + domain searches can be done automatically.
  21 votes
- Permit multiple addresses to be searched at one time
  Allow multiple email addresses from different (or same) domains to be searched at one time. I have multiple email addresses myself and manage email addresses for various other activities, e.g. supporting my elderly mother and charitable work.
  5 votes
- Include actual API name of breach...
  Please include the actual API name of the breach next to the word 'Permalink' on your 'Who's Been Pwned' page so that it can be 'CTRL-F' searched on the page. It's not always exactly the same as the common name for the data leak.
  1 vote
- Have a way to search a company and see if there is a data breach, also even if there isn't a current one maybe the history with said company
  1 vote
- An account system
  (request 1/2) I feel like it would be nice to rather than ask for updates through all of your emails, it would be nice to group all your emails together into an account and have them all send to an email of your choice.
  3 votes
- Differentiate hashed and plaintext passwords in the data classes
  Split the "Passwords" data class into "Hashed Passwords" and "Plaintext Passwords", or simply add the new types. This would allow for different actions to be taken based on the breach data. I think the plaintext identifier would be more important as a flag, and it should be used to also signify easily resolved hashes. (Maybe Passwords is the current hashed/encrypted/plain, and Plaintext is when text has been recovered.)
  4 votes
- CURL script for documentation
  The API call documentation is not clear. Can you guys just use CURL command line for documentation or Postman?
  3 votes
- Add a "Notes" Column
  Add an editable "Notes" column to the Successfully verified domains table. For example, we'd like to add a Client description. This is so that when they need to be removed from HIBP Portal, we can ensure we remove all domains related. Without this, the portal becomes difficult to manage large amounts of clients.
  It would be nice to see a "domain date added" column too.
  1 vote
- Provide an OpenAPI specification
  When a user would like to leverage your API, having it advertised in the OpenAPI format makes it very easy to understand and leverage. There are tools in development which allow the automatic generation of code based on this spec: https://github.com/OpenAPITools/openapi-generator An example of a spec can be seen at https://developer.shodan.io/api. It can be written in json or yml. Here is an example of it in json: https://developer.shodan.io/api/openapi.json It allows the creation of attractive interactive docs which can be used to execute the api directly. It can be edited and validated in a number of ways
  - online…
  2 votes
- Authorize Domain by API
  Add API Functions to Authorize by TXT records to the API.
  The way I'd do it would be to add an endpoint to view the TXT Record details you need to add... then a second endpoint to verify the TXT Record is valid... Abuse Mitigations are pretty easy, cap max hits/min to the second Endpoint as it has to perform DNS lookups to do it.
  And the first endpoint can't really be abused anyway as no doubt you combine the user's email plus the domain to get the hash in the TXT record... so that's a nothing function. This will…
  18 votes
- Different payment methods
  Since credit card is not commonly used in some parts of the world, adding PayPal for example could create access for more companies.
  3 votes
- Implement test API Key for automated domain search tests
  I've created a little Python tool that queries the HIBP domain search for verified domains and breaches related to aliases of this domain. It then saves them to a CSV file. Link to the project: https://github.com/security-companion/hibp-harvester In order for better quality I would like to add automated testing via GitHub Actions. So my question is if you could provide a test API key that has some domains subscribed with some breaches in the aliases so that I could query these and by this make sure code is still good when I change something. For creating the tool I made a subscription and…
  4 votes
- Ignore pastes over two years old
  Ignore pastes that are, I suggest, more than two years old if the email address hasn't been pwned in that time, as it's highly unlikely to become pwned after that time. Leaving it in for a pwned account gives a clue to the source of becoming pwned.
  2 votes
- Breach and the accounts on your domains through API
  When there is a breach we get an email with the number of accounts for our domains, then I can use the API to get the breacheddomain. But then I get all the breaches for that domain, and I want to get only a specific breach. So you can search on domain and breach and then get the accounts regarding this.
  6 votes
- Add payment methods to allow payment by invoice / purchase order
  Some businesses do not allow purchase by card.
  2 votes
- Add a "Get all pastes for a domain" API endpoint
  Currently, HIBP offers a "Get all breached email addresses for a domain" API endpoint and a "Get all pastes for an account" endpoint, but no endpoint exists to search for all pastes for a domain. The domain search API endpoint is incredibly efficient (especially for enterprise customers), but it does not return known pastes for each account. This can be very painful for multiple reasons (not limited to):
  1.) Just because an account has NOT been seen in a third-party breach tracked by HIBP does NOT mean it hasn't been seen in a paste. This means we are seeing an…
  8 votes
