General

  1. Fix captcha puzzle for IE11 users

    Currently the buttons at the bottom of the "check all images that have XXX" popup don't work on IE11. Can't Verify, refresh, get help, etc. Makes notifications impossible if the puzzle appears.

    4 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  2. CSO need terms to be able to use HIBP in their company.

    We have integrated HIBP api in some of our security tools in our company in order to estimate the probability of one of our client getting hacked if his email appears in many breaches.

    We beta tested it, but our legal staff pointed out that we needed terms on the website to be able to use it, as the fact you only tell that you don't collect and store email that are searched (we do trust you but legal team don't work on trust :p) is not enough.

    we got in touch with the french "national comity for IT liberty"…

    2 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. Whitelisting to filter out notification on addresses appearing in most notifications

    For large companies monitoring their appearances in notifications there are public addresses (like (info|support|help|contact)@<domain> which will may mean a team receives notifications for most new breaches, but for often singular results of these 'public addresses' in breaches not of concern.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. Closed EMail Accounts

    Would it be possible to Register for HIBP EMail Notification via another designated EMail Address provided, to which the HIBP Notification could be "forwarded" ? ie.: Confirmed and Secure Registration under a designated EMail Address, for one or more 'Closed' EMail Addresses ?

    33 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Flag idea as inappropriate…  ·  Admin →
  5. Few more detail on the breach needs to be included

    Need few other details on the breaches that happened in the past. Its good we get the information details completely. The same is included in http://www.askmein.com/tools/have-i-been-pwned

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  6. Enabl API to be queried such that it returns only the breach name

    At present, searching the API returns all data about the breach including description and other meta data. For high volume API consumers, it would be preferable to return just the breach name. Meta data about the breach could then be retrieved in a single API query to the breach service. This would reduce the response size for each query by more than 90%.

    11 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. Summarise the breach info at the top of domain wide searches

    When you search across a domain at present, the breach name is listed next to each impacted account but it's not clear when it happened or when it was loaded into HIBP. It might not make sense to list this info next to every single breached account in the list, but a summary at the top of the page listing key attributes of each relevant breach would be handy.

    8 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  8. Add an API endpoint that returns a rate limited response

    This would allow easy testing of code to properly handle a rate limit, without having developers intentionally exceed the rate limit in order to test.

    https://api.pwnedpasswords.com/rate-limited/backoff
    would return a 429 response with a Retry-After header with a a value = backoff. The backoff parameter is optional and if omitted you would return the default backoff seconds (2).

    It is unclear whether the v2 api is rate limited. You state when describing the V2 API that it is not, but the section regarding rate limiting in the API docs does explicitly state that it doesn't apply to the V2 API. This…

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  9. Include the affected email address in the API json structure as well.

    Ingesting in Splunk becomes easier when the unique account is included in the API json data structure. Otherwise you cannot tell these individual disclosures apart.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  10. 9 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add a "Suspended" account button

    I have been reported on 3 accounts that Tumblr accounts have been breached, one of them was in fact suspended for unknown reasons.

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. Have a page with mitigation directions for the technically challenged.

    For those of us who are technically challenged, directions on how to mitigate any damage if found to have been breached. For example, my husband and I found that our Adobe accounts were breached, but we do not know when he signed up as he does not have a computer and only created an email when he got a smart phone about 4 years ago. He has no idea of how he got signed up for Adobe. To be honest, I do not remember signing up or into that service either, although I do have it on my computers and…

    10 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add basic correlation logic to compare newly found pastes against current breaches...

    Some sort of fuzzy matching & correlation with already posted breaches to see if the paste is just another re-post of the data from another known breach.

    One way to do this is look for emails that have the + syntax, which typically means that the user has created a somewhat unique email for a particular service, company, etc

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  Flag idea as inappropriate…  ·  Admin →
  14. Identifying Password Reuse Between Seperate Breaches

    When an account is included in multiple breaches, identify if the leaked password is reused, or similar password used in individual breaches.

    This would be interesting for individual accounts, but more useful when monitoring domains.

    If an account is included within multiple breaches, but there is low/no password reuse/similarity then we can gain a level of comfort that the leaked credentials cannot be used further.

    If however the account that is included in multiple breaches has used the same or similar password across those breaches we can prioritise taking action and changing passwords for non-breached systems.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
1 2 3 5 Next →
  • Don't see your idea?

General

Categories

Feedback and Knowledge Base