Skip to content

General

215 results found

  1. acknowledge option

    Hi,
    It will be nice to have an "acknowledge" option if i subscribe - so when i see list of sites/accounts i changed my password too i would be able to acknowledge and then see only new threats as red

    thanks,

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  2. Add URL for a certain paste

    Using the crowd, I have finally solved the mystery which database a certain paste represents: http://security.stackexchange.com/questions/108191/what-can-i-do-if-i-discover-that-my-password-hash-has-been-leaked-in-pastebin

    Can I/Could you add that information?

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  3. Add wpengine.com breach

    There was a breach on wpengine.com, maybe data about accounts will be available somewhere
    https://wpengine.com/support/infosec/

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  4. RSS feeds not working/validating

    Thunderbird refuses to open either your breaches or pastes RSS feeds, claiming failed validation. The w3c feed validator fails both: https://validator.w3.org/feed/
    Whether they are broken or not is beyond my experience :-)

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    declined  ·  1 comment  ·  Admin →
  5. 3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  6. Unsubscribe button please

    This service is awesome and user will be warned if they are pwned.
    But the registration confirmation email says "...and you can unsubscribe at any time if you don't want the notifications."
    Please, make an unsubscribe button. I can't find any unsubscribe button or form on the website or in the email.
    Thanks.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
  7. Add a captcha

    Because people often use the same user and password combination on multiple sites. If you can search here if you have an account on multiple sites, others can too. If you can slow down automatic search, abusers can be scared away

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  8. either allow use of email from domain registration, or don't claim to

    The domain registration page says "Verifying by email is the fastest way to confirm ownership of the domain. You can either verify using an email address on the domain registration record or by using one of several pre-defined addresses for the domain." However, in fact I cannot find any way to use the email address actually on my domain registration record (paleo.org), as it is not one of the four standard addresses listed.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
  9. 1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  10. 1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
  11. Question: Can a Subsequently Deleted EMail Address be accurately confirmed via HIBP, if Registered via EMail Link PRIOR TO Deletion ? Thank

    Question: Can a Subsequently Deleted EMail Address be accurately confirmed via HIBP, if the EMail Address was confirmed Registered (via EMail Link) PRIOR TO Deleting the E-Mail Address ? Thank You.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
  12. Allow users to search for an email address by hash rather than sending the email to the API in cleartext.

    Under the suspicion that submitted email addresses are being harvested, a privacy conscious user could feel safer checking for the presence of their email in the database by submitting a hash of it rather than the email address itself. I, for instance, have two email addresses: one which everyone knows, and one which very few people know. I'm very curious about the latter, but there's no way I'd enter it into any web form.

    47 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)

    I’m closing this out as “declined” for several reasons:

    1. Now with almost 5B records, there’s a very high chance I have the hash being searched already and if I have that, I know the plain text.
    2. It would lead to massive redundancy in the system, literally doubling the volume of data I store
    3. It would be very rarely used; the vast majority of requests come via the web app from consumers browsing to the site and yes, I could hash on the client, but then you have to trust HIBP is reliably doing that which bring me to the final point…
    4. …I would advise against sending an address to any service you don’t trust, regardless of the lengths I go to in ensuring searches aren’t recorded

    So in summary, a combination of high effort and low reward.

  13. Include credit cards as another search dimension

    As well as user accounts there seem to be a lot of credit cards being leaked. It would be interesting to add credit card numbers to the other search dimensions (username and email address).

    There are some security implications around uploading your credit card to hibp but hibp would not need to store it at all. One you had it hash it and also store the found numbers as a hash. It would then slide right into the existing partition/row key schema.

    If such a system could be implemented I would even consider it a service worth paying for. Perhaps…

    71 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  14. Interpret all permutations of an email address (period seperations, +filters)

    Gmail will ignore periods in an email when it comes to rounding. So email@gmail.com and e.mail@gmail.com will both go to the same address. Someone might want to use the email because it lets them filter those messages from within Gmail.

    I tested it, and as of right now, haveibeenpwned sees them as seperate emails which may give users a false sense of security.

    Develop a way to find all permutations of an email based off of their filterless email address.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    declined  ·  2 comments  ·  Admin →
  15. You are compromising the security of the people

    Regarding the recent Ledger data breach, anyone that types a compromised email address knows that he/she has a ledger wallet and crypto. You are leaking to everybody the same information leaked by the hackers and you are compromising the security of that person by revealing the email, exposing him or her to phishing attempts and even to physical risk if the person that performs the search knows the identity of the owner. This is a very serious issue. Please consider sending the results only by email at least for these most serious data breaches where there is physical risk for…

    0 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
1 2 7 8 9 11 Next →
  • Don't see your idea?

General

Categories

Feedback and Knowledge Base