189 results found
You should take a look at gmail adresses with . in them. For my email firstname.lastname@example.org returns as pwned but firstname.lastname@gm
You should take a look at gmail adresses with . in them. For my email email@example.com returns as pwned but firstname.lastname@example.org returns as clean. For gmail these adresses are exactly the same and I use both of them.3 votes
To use hashed email address as part of the query instead of HTML encoded
I don't know if this is already available, but I feel it will be a better idea.1 vote
It provides next to no security (I already have billions of addresses I could use to crack it) and it would require an entire copy of the system hence doubling up on all the storage costs.
Removing cloudflare on api
Cloudflare antibot on your api doesn't make any sense, i have a python discord bot with your api implemented and because of cloudflare i cant use the api anymore and i have quite a few users who use the function.1 vote
crawl for sites that dont delete your account when you ask for it
i know this might be outside the scope of this site
But i have in the past discovered that sites do not delete me when i ask for it
It could be nice to have some sort of crawler that could search the internet for your username or even name and report back on which sites they are found
this could maybe be a seperate site3 votes
Yep, definitely outside the scope of what HIBP does.
Provide sample code for SHA1 hashing for app developers to use
Due to the breadth of different languages out there and the simplicity of create a SHA1 hash and sending it in a web request, I don’t want to get into language specific guidance. If you’re having trouble, try creating the hash here and comparing it with the one you’re creating: http://www.sha1-online.com/
I suspect it’s your encoding, you’ll get a speedy answer on Stack Overflow if you’re still having trouble.
All ok but please reply to our problems sent to you via mail and twitter.......it is a great issue for most of us1 vote
This UserVoice is for suggesting new ideas. If you have an idea you’ve been trying to get in touch with me about and haven’t been able to reach me, please detail it as a new item here. Do read the other ideas here too as well as the HIBP tag on my blog in case it’s already covered there: https://www.troyhunt.com/tag/have-i-been-pwned-3f/
www.socialengineforum.com (1 Jan '01): http://www.socialengineforum.com/dump.sql
the listed date - "(1 Jan '01)" is, shall we say, an out-of-bounds error. Site didn't exist that long ago!1 vote
If the data is no longer there, I can’t tell you anything more about it as I don’t save pastes.
Tell the simple steps to get out of these problems who does not know the technology.
Tell the simple steps to get out of these problems who does not know the technology, how to get out of pwning his/her email or some other account. Dr N C Ghatak.3 votes
Only distribute unique sha1 values
The files version 1, update 1 and update 2 contains 320,3355,236 SHA1 values but only 320,294,464 are unique the difference are 40,772 values1 vote
Please use UserVoice for feature requests.
Provide Solutions on "How To" reverse the process of compromised email address and passwords.1 vote
You cannot reverse an email address and password having been exposed, it is an immutable historic event.
what is this someone help me
Oh no — pwned!
Pwned on 4 breached sites and found 1 paste (subscribe to search sensitive breaches)1 vote
This site is for feature requests so I’m closing this “idea” out.
See the information below the message you posted for details on which sites your email address has appeared breached on.
Make the bitcoin-related sites sensitive
Otherwise, users of bitcoin could be targeted in order to steal their bitcoins (as they are worth so much right now).3 votes
The criteria I use for sensitive breaches is that the public discoverability potentially causes harm; adult websites, for example, have a social stigma.
An increased likelihood of phishing is common to all breaches and at present, I don’t feel that a site merely being financial in nature is sufficient to categorise it along with the likes of Ashley Madison.
Distribute large files via torrents...
subject says it all...3 votes
This blog post explains why I didn’t use torrents: https://www.troyhunt.com/introducing-306-million-freely-downloadable-pwned-passwords/
Plus, with Cloudflare caching the file at their edge nodes, I can’t see any tangible upside to a torrent.
Recover latest pastes RSS feed
The latest pastes RSS feed is empty1 vote
I’ll be writing about this change in the next day, stay tuned to troyhunt.com for more
Can we have option to add email address in verification
It provides predefined email addresses. Can a previously verified user add another user email for verification. Also the verification process does not provide details if the email was sent successfully ( In my case it says successful but I am not receiving verification email)1 vote
How to check if someone with complete access to my company server and all email ID's, has been stealing information?
I've recently found out that my IT person from my company has been stealing information from us. He has complete access to it's domain and server. Do you have any advice on how I can see what kind of information he has taken?
If you have any recommendations on how to find the information on his personal email ID's, that would be very helpful. Thanks1 vote
This is not a feature suggestion for HIBP
Provide a way for me to see the password data or other data associated with my email. Since I use unique passwords, the source is known.
Provide a way for me to find the password data or other data associated with my email. Since I use unique passwords, the source is known. I have no idea if there is valid data in Exploit.In or Anti Public Combo unless I have some more information. You may not want to host the data, but someone is doing it. I have concern over some of those sources. Knowing the password or hash would make it possible to identify the source of the problem.1 vote
why is the yahoo and target breaches not listed?
Why is the target and Yahoo breaches not listed1 vote
I can only load data I have! Neither of these has been circulating in trading circles.
Why did I receive an email indicating pwned on the JustDate fabricated breach, but when I search from the Home page, not listed?
Why did I receive an email indicating pwned on the JustDate fabricated breach, but when I search from the Home page, only the Linkedin breach is noted? Is it possible that the email was spoofed? It looks almost exactly like the one i received when you posted the Linkedin breach. I suspect many others are in this same situation. Esp. if the Justdate breach was indeed 24 million people as the email indicated. Thanks.1 vote
It’s fully explained in the link in the email: https://www.troyhunt.com/introducing-fabricated-data-breaches-to-have-i-been-pwned/
use a protocol on your website that is properly supported.
In all versions of Google Chrome I am now advised;
This site can’t provide a secure connection
haveibeenpwned.com uses an unsupported protocol.
The client and server don't support a common SSL protocol version or cipher suite. This is likely to be caused when the server needs RC4, which is no longer considered secure.
So, why can't you use a proper protocol?1 vote
I’m as close to certain as possible that this is a problem at your end, there’s been a heap of traffic through the site today and yours is the only mention of this. TLS termination is done at Cloudflare and nothing has changed configuration wise.
- Don't see your idea?