Skip to content

General

210 results found

  1. api call

    Hi i want to ask about API,

    i try to call the API via $.ajax and send the hibp-api-key by header, i checked the hibp-api-key at RequestHeader and its correct
    and i get this message in the console
    readyState":0,"status":0,"statusText":"NetworkError: Failed to execute 'send' on 'XMLHttpRequest': Failed to load

    can you help me?

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  2. Version Pwned Password API

    Can you version the "Pwned Passwords" API v2 to reduce the confusion with https://haveibeenpwned.com/API/v3#APIVersion please?

    Can the "Pwned Passwords" API endpoint also specify which release of https://haveibeenpwned.com/Passwords is used within its URL?

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)

    At this stage there’s no plan to version the Pwned Passwords API an it’ll continue to run independently to the APIs for searching breaches.

    See the “last-modified” response header on the API if you’re looking to identify when the data is current as of.

  3. Domain Search Email Validation Not Working

    I'm not receiving emails while attempting to validate my ownership of a domain. We're using Office 365 and the email doesn't appear to be getting caught by the spam or phishing filters.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  4. Can I have my account show up normally- like no breaches found, since I opted out accidentally

    Can I have my account show up normally- like no breaches found, since I opted out accidentally ?

    I am not sure where to post this but I want it like that

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  5. 1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  6. Fix your SMTP server records in DNS (reverse lookup not working).

    Fix your SMTP server: the SMTP server you are using to verify domains does not have a reverse lookup address, so emails are either rejected or marked as spam by any server that is well configured.

    4 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  7. Any suggestions as to anything that can be done to fix any problems associated with these list.

    Would like to see some suggestions as to how to repair/improv being victims of the instances you unveil.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  8. consider social security numbers?

    What potential is there to provide data on SSN that have been exposed in a breach? This seems much more borderline dangerous, but curious about of you've given any thought and the problems / possibilities you see.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  9. Fix multi-domain search results

    Apparently, multi-domain search result for breached email account sets are broken. Maybe only for large result sets?
    I did a multi-domain search after the avectis breach notification with over 10.000 of our company and customer emails affected. However, the "Breached email accounts" tab in the excel format was empty. The HTML did not load (result set to big) and the JSON also only included "{"BreachSearchResults":null, ..."
    Can you check this please?

    17 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  10. Insert Breach's "Permalink"

    Can you please insert the breach's "Permalink" returned by the API?

    For example, include "Permalink" : "https://haveibeenpwned.com/PwnedWebsites#Adobe" similar to the existing key/value pair of "LogoPath".

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  11. small 'best of' download files instead of full 10 gb...

    in one of the recent blogs from you or cloudflare, it is talked that basically it would be best to deny all passwords with a count > 100 and warn on password > 20. would it be possible to create download files just for these (i think) like 10 mil records (all > 20)? that would make it easier to create a local repository database with a workable download size and working count. ... and ignoring the rare passwords which make up the largest bucket of your collection.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)

    You can easily do this yourself by pulling down the entire data set then just extracting all records within the threshold you’ve chosen. I don’t want to publish multiple versions of the same data at different thresholds, this is a very subjective decision and it can easily be extracted from the existing data,

  12. Allow User Submissions

    Please allow users to submit pwnd passwords.

    I just had Google notify me that someone tried to log in with my password from Java Indonesia, yet this password is not in the pwnd password list.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  13. More Info Needed

    A community board for questions.
    I'd like to know how my email was caught up in a breach on a website I never went to.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  14. I dont understand what to do

    Everyone is very excited about this site. But honestly I am confused. I've received a message about my primary email address many times. But there's absolutely no action I can take based on that. Yes, good password hygene, yes, dont reuse passwords. But that's generic advice that I get without needing to be notified. What is the increment of information I get by receiving your email? I think that there is none. Can you help me understand your value?

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
  15. Add searching by username

    If leaks contain usernames and passwords, wouldn't it be important to be able to find out if one of your usernames has been compromised? Or do emails always accompany the passwords?

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Assuming you mean usernames that are user-chosen strings as opposed to email addresses, this functionality existed in HIBP for a while but was later deprecated. Usernames in this form are not uniquely identifiable, often don’t exist at all (email addresses are used instead) and most importantly, can’t easily be parsed out of a large dump with a regex like email addresses can be. So in summary, low value and high effort.

  16. don't log data that has been input via the website

    a few days after I tested several of my passwords, I started receiving emails from different websites, that someone was trying to log into my accounts. and these are accounts that I haven't used for several years...

    your pawny website is a a phishing scam and people should never ever use it!!!

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  17. Update your pwned list. My email has been pwned, but you do not know.

    I get email threats saying the email and password is compromised. They even list the password. But this email is not showing up in your list.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  18. I want to use my own Password-Creation 2

    I want to use my own Password-Creation (II) without your service 'Free for 30 days'.

    Thank you
    Gerd Taddicken

    Deutsch: Ich möchte mein eigenes Passwort kreieren, generieren ohne ihr System ,30 Tage frei für das Passwort-System'.

    TSA25Jan19, 18.38 h - Local time Germany)

    +++

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  19. I want to use my own Password-Creation

    Hello!

    I lerned only two years English 1965 til 1967
    (Ich lernte nur zwei Jahre englisch von 1965 bis 1967).

    Please translate 'pwned' in German - I cannot find in Google a german Word foŕ it (Bitte übersetzen Sie 'pwned' in deutsch - Bei Google finde ich keine Übersetzung für 'pwned').

    Normally I use 'Startpage' instead of 'Google' (Normalerweise benutze ich 'Startpage' statt Google).

    Thank You - Yours faithfully
    Gerd Taddicken - Germany

    TSA15Jan19, 18.34 h (UTC minus 1 hour?)

    +++

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  20. send part of password hash per mail

    since we have the recommendation of 'never entering a password on a website, unless it's the password field of the according website', i'd suggest to build an send by mail request form.

    if you enter your email, you can choose to get those first 5 chars of all pwned password hashes to the entered email.
    with this, you ensure, that only the pwned email addresses get their pwnge data... (which ofc won't help if the mail account itself has already been hijacked)

    this would help greatly, to check wich password may be leaked and need a change.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  • Don't see your idea?

General

Categories

Feedback and Knowledge Base