General

  1. Notification before loading breach onto Azure

    In the past I have recreated the Maltego Graph of all breached sites/names and domains and when I have pushed this to GitHub another breach has been loaded on the same day by a tweet from https://twitter.com/haveibeenpwned

    Can you publish a counter estimating when the next series of breaches will be made available?

    I understand that breaches may be loaded concurrently and/or urgently, etc. Neither am I asking for you to publish the name of the website that you are confirming has been breached, etc

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. 3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. What is LogoType?

    Can you describe what the intended use of the LogoType field in the Breach object is? I can't find anything in the API docs that describes the field. I know what SVG and JPG are, but to what do they refer? Do you have (or plan to have) an API that will return a logo for the name of a breach? I can see from the source of your web pages that you have that data in the content folder

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. 3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  5. explain in the FAQ why a mail address (mine!) appears as hacked in your tool, but the associated password is not listed as hacked?

    Does it mean that the e-mail adress was hacked, but that the associated password was not decrypted? If not, why the password is not found in your database? Thanks.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  6. Not very smart features

    I've changed my password but my mail remain in the list. When my account will be "pwned" again, I will not know about it.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. You should take a look at gmail adresses with . in them. For my email firstnamelastname@gmail.com returns as pwned but firstname.lastname@gm

    You should take a look at gmail adresses with . in them. For my email firstnamelastname@gmail.com returns as pwned but firstname.lastname@gmail.com returns as clean. For gmail these adresses are exactly the same and I use both of them.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  8. To use hashed email address as part of the query instead of HTML encoded

    I don't know if this is already available, but I feel it will be a better idea.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  9. Removing cloudflare on api

    Cloudflare antibot on your api doesn't make any sense, i have a python discord bot with your api implemented and because of cloudflare i cant use the api anymore and i have quite a few users who use the function.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Cloudflare is absolutely essential for protecting the API from abuse. The only time it should get in the way of legitimate use is if you consistently exceed the rate limit and cause a 24 hour JavaScript challenge to implemented against the offending IP address.

  10. crawl for sites that dont delete your account when you ask for it

    i know this might be outside the scope of this site

    But i have in the past discovered that sites do not delete me when i ask for it

    It could be nice to have some sort of crawler that could search the internet for your username or even name and report back on which sites they are found

    this could maybe be a seperate site

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. Provide sample code for SHA1 hashing for app developers to use

    I have found a number of PowerShell wrappers to the API, and some text hashing scripts, but the hashing does not seem to work when used to hash a known bad password and send it via as SHA1 via the API. Example javascript and/or PowerShell scripts (and maybe others) to show how the hashing should be done, would allow all calls from apps, etc. to use the SHA1 value and not send the "clear" password (even over HTTPS) to the API.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Due to the breadth of different languages out there and the simplicity of create a SHA1 hash and sending it in a web request, I don’t want to get into language specific guidance. If you’re having trouble, try creating the hash here and comparing it with the one you’re creating: http://www.sha1-online.com/

    I suspect it’s your encoding, you’ll get a speedy answer on Stack Overflow if you’re still having trouble.

  12. 1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  13. www.socialengineforum.com (1 Jan '01): http://www.socialengineforum.com/dump.sql

    the listed date - "(1 Jan '01)" is, shall we say, an out-of-bounds error. Site didn't exist that long ago!

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  14. Tell the simple steps to get out of these problems who does not know the technology.

    Tell the simple steps to get out of these problems who does not know the technology, how to get out of pwning his/her email or some other account. Dr N C Ghatak.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. Only distribute unique sha1 values

    The files version 1, update 1 and update 2 contains 320,3355,236 SHA1 values but only 320,294,464 are unique the difference are 40,772 values

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. provide Solutions

    Provide Solutions on "How To" reverse the process of compromised email address and passwords.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. what is this someone help me

    Oh no — pwned!
    Pwned on 4 breached sites and found 1 paste (subscribe to search sensitive breaches)

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. Make the bitcoin-related sites sensitive

    Otherwise, users of bitcoin could be targeted in order to steal their bitcoins (as they are worth so much right now).

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    The criteria I use for sensitive breaches is that the public discoverability potentially causes harm; adult websites, for example, have a social stigma.

    An increased likelihood of phishing is common to all breaches and at present, I don’t feel that a site merely being financial in nature is sufficient to categorise it along with the likes of Ashley Madison.

  19. 3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  20. Recover latest pastes RSS feed

    The latest pastes RSS feed is empty

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

General

Categories

Feedback and Knowledge Base