Skip to content

General

203 results found

  1. Remove password which is pwned on small and don't see in long time.

    First time i have check my password, it was not pwned.
    Second time, just after first time some days, it was pwned with "seen 1 time before".
    This is no problem until now, but when github start using your api to check password and force i give up my good password!
    So please remove password which "seen 1 time before", or at least make a feature that auto remove password from your database if it is not pwned or less pwned in long time.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  2. Add incremental updates to the PWNd password data sets

    While it wouldn't preserve order, generally, it would greatly reduce the burden on people downloading those data sets for their own use. It has the potential to drastically reduce the bandwidth costs for the system as users would likely download the bulk of the set just once and then get the updates thereafter.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  3. 1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  4. Help victims of cyber stalkers

    I have a friend who is being absolutely terrorized by a computer savvy guy who is backhandedly threatening her life, posting her real name on adult websites, hacking her voicemails, opening accounts with her information and we believe he has now shared her info on some dark web place allowing other hackers access to her information. We have made police reports and even contacted the FBI cyber crimes unit. But this guy is using VPN’s and change your number apps. He calls and harasses her constantly, for over 4 months now this has been going on. I heard about this…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  5. Give us if our email is likely to be pasted.

    We should be told if a hacker can still access our email or paste it. We should be told that once we receive our results,

    2 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  6. Describe why a search of an e-mail address using the form and API return different results

    If I search for my work e-mail address on the web page, I get no results. However, if I search for my work e-mail address with the API I get two results.
    Why is this different?
    I am suspecting that the lack of passwords in the breach constitutes not being pwned?

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  7. Cit0day - is it possible to include the site(s) whose lists an email appeared in?

    In the alert email for the Cit0day breach, the only information provided is that one's email appeared somewhere in the breach of the 23k websites. If it's possible, it could be helpful for users to be informed of which specific site(s) their credentials were listed under.

    I fully grant the larger point about encouraging the use of a password manager to mitigate the risk regardless. Thanks! :)

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    HIBP only matches an email address to a single “breach” (which is what the Cit0day collection is treated as) and doesn’t have a provision to add any additional data such as which file the email address appeared in.

  8. 1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  9. Add as a FAQ how Pwned Passwords aligns with Google's new Safety Check

    Google now detects some email / password combo breaches. Google doesn't have any more detail on when / what / where. What might explain any difference w Pwned Passwords?

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  10. Option to return "no breaches found" in json body, rather than simply a 404 status

    It would be good to be able to return something in the json body when no breaches are found for an account.
    A parameter to enable this message would be great.
    I'm working with a 3rd party software to pull data, and doesn't expose the status in an accessible way.

    (I would have thought a 204 status would have made more sense?)

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    HTTP 404 is the semantically correct response code, there’s no reason to include anything further in the body. Sounds like a deficiency with the product you’re using if it’s unable to interpret response codes correctly.

  11. Have I Been Pwned API to get breached password list

    The official page of “Have I Been pwned” (https://haveibeenpwned.com/Passwords) is showing anomaly behavior for checking breached password. For the same password being used, it returns different results. Sometimes it shows that the password has been breached and when I try it again with the same password, it shows the password has not been breached. I tried this with the password “Password1.”.

    Also, its API (Searching by range, which I have used with my java project) does not signify that the password "P@ssw0rd123" was breached, but its website https://haveibeenpwned.com/Passwords shows that this password was breached.

    Could you please make…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  12. i pressed the wrong option when opting out so i wish we were allowed to opt out, i try again but it says i cant.

    i opted out using the wrong option and it still says ive been pwned so im suggesting theres an option to opt out a different way even if you already opted out. everytime i try to opt out again i get the same email telling me i cant.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  13. Filter known breaches and pastes in the API

    It would be nice if we could pass a set of breach names into the https://haveibeenpwned.com/api/v3/breachedaccount and a set of paste data into https://haveibeenpwned.com/api/v3/pasteaccount and have them only provide results for the breaches and pastes not on the list, basically something like ?exclude=thing1,thing%20two for breachedaccount and something like ?exclude=%7B%22PasteBin%22:%20[%22123%22,%22456%22],%22Pastie%22:%20[%22abc%22]%7D for pasteaccount.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    That sounds like something you could easily filter on the client end: request the data for an account then remove all items that don’t match what you’re looking for. There’d be no performance benefit doing it on the HIBP end as the query presently just picks up an entity (the account being searched for) and returns it in its entirety.

  14. Fix QuinStreet information

    QuinStreet is not an online service, it has leaked my info it must have accuired from buying it from other companies that I do not know who is. They have no login that can be fixed. Firefox Monitor uses your service to alert for this company, but as is it makes little sense to present it as a web service I have signed up for.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  15. improvement on awarness and great feature

    It would be better if u also added the info about which site leaked our data, no need to give passwords...
    It would encourage us to let our friends know about it if they used the same website and create a lot more interest and awareness all around.
    I know this data(which site leaked it) might be hard to get and might be rarely available .You might know only few of thosee.But still ,a start in this direction might be lovely and show to other people that u dont know where the leak came from...they might help u provide the…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  16. 1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  17. Check Pastir.com for pastes

    Mine was there but your site didnt find it

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  18. Investigate this: Dear Alumni & Friends, Report of a Data Security Incident I am writing to notify you of a data security incident that ha

    Dear Alumni & Friends,

    Report of a Data Security Incident

    I am writing to notify you of a data security incident that has affected one of the University’s third party service providers, Blackbaud, which provides cloud computing software used for processing some of your personal data.

    We recognise that this is unsettling news and we sincerely apologise that this has happened, but rest assured that Blackbaud have taken steps to mitigate this incident and any risks to your information. The University is following up with internal investigations and remedial actions of its own. However, we advise that you be vigilant…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  19. Xploder forum breach

    Hey,
    when googling one of my email addresses I found three similar dumps from xploder forums. This is not showing up when I search for my email here.
    How can I send you a link to the dumps, post it just here?

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  20. 1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  • Don't see your idea?

General

Categories

Feedback and Knowledge Base