Check if email is listed in stealer logs for my domain

Currently the https://haveibeenpwned.com/API/v3#StealerLogsForEmail API can only be used with emails of our own domain.
It would be useful to see if a user on our domain is listed in a stealer log for our domain.

6 votes

Bram shared this idea · Feb 20, 2025 · Report… · Admin →

completed ·

AdminTroy Hunt (CEO / Founder, Have I Been Pwned) responded · Mar 14, 2025

This is now done: https://www.troyhunt.com/processing-23-billion-rows-of-alien-txtbase-stealer-logs/

Show previous admin responses (1)

An error occurred while saving the comment

Daniel ES commented · February 26, 2025 11:06 AM · Report

I for the life of me can't figure out how I can just figure out what domain(s) have been compromised in the stealer logs based on my email address. Even went as far as signing up and paying for the API, but it seems like I then need to somehow enter every single domain and then demonstrate "control" over that domain? Like what? I need to demonstrate "control" over netflix.com? I need to do this for 500+ sites to see if they're compromised? Should I quit my day job? Please help!

Submitting...

I suggest you ...