General
110 results found
-
Closed Email Accounts
Would it be possible to register for HIBP email notification via another designated email address provided, to which the HIBP notification could be "forwarded"? I.e., confirmed and secure registration under a designated email address, for one or more "closed" email addresses?
33 votes -
A few more details on the breach need to be included
Need a few other details on the breaches that happened in the past. It's good we get the information details completely. The same is included in http://www.askmein.com/tools/have-i-been-pwned
7 votes -
Enable API to be queried such that it returns only the breach name
At present, searching the API returns all data about the breach including description and other meta data. For high volume API consumers, it would be preferable to return just the breach name. Meta data about the breach could then be retrieved in a single API query to the breach service. This would reduce the response size for each query by more than 90%.
11 votes -
Summarise the breach info at the top of domain wide searches
When you search across a domain at present, the breach name is listed next to each impacted account but it's not clear when it happened or when it was loaded into HIBP. It might not make sense to list this info next to every single breached account in the list, but a summary at the top of the page listing key attributes of each relevant breach would be handy.
8 votes -
Add an API endpoint that returns a rate limited response
This would allow easy testing of code to properly handle a rate limit, without having developers intentionally exceed the rate limit in order to test.
https://api.pwnedpasswords.com/rate-limited/backoff
would return a 429 response with a Retry-After header with a value = backoff. The backoff parameter is optional and if omitted you would return the default backoff seconds (2). It is unclear whether the v2 API is rate limited. You state when describing the V2 API that it is not, but the section regarding rate limiting in the API docs does explicitly state that it doesn't apply to the V2 API. This…
7 votes -
Include the affected email address in the API json structure as well.
Ingesting in Splunk becomes easier when the unique account is included in the API json data structure. Otherwise you cannot tell these individual disclosures apart.
1 vote -
9 votes
-
Add a "Suspended" account button
I have been reported on 3 accounts that Tumblr accounts have been breached, one of them was in fact suspended for unknown reasons.
7 votes -
Have a page with mitigation directions for the technically challenged.
For those of us who are technically challenged, directions on how to mitigate any damage if found to have been breached. For example, my husband and I found that our Adobe accounts were breached, but we do not know when he signed up as he does not have a computer and only created an email when he got a smart phone about 4 years ago. He has no idea of how he got signed up for Adobe. To be honest, I do not remember signing up or into that service either, although I do have it on my computers and…
10 votes -
Add basic correlation logic to compare newly found pastes against current breaches...
Some sort of fuzzy matching & correlation with already posted breaches to see if the paste is just another re-post of the data from another known breach.
One way to do this is look for emails that have the + syntax, which typically means that the user has created a somewhat unique email for a particular service, company, etc
3 votes