General
-
Test accounts that always return the same results
For unit testing purposes, to be able to be certain that the data from HIBP is parsed and stored in the application correctly.
1 vote
Great idea! I already had all the accounts set up, I’d just never documented them. That’s now up here: https://haveibeenpwned.com/API/v3#TestAccounts
-
Add API search for telephone number
The current API allows the list of pwned accounts (email addresses and usernames) to be quickly searched via a RESTful service.
Can you add the phone number search (based on your portal search for Facebook breach)?
1 vote
It already does this.
-
Make a list of pwned apps or websites from old to new so that it wouldn't be hard for us to scroll down, scroll down to the pwned things.
Make a button for List Of Pwned Apps/Websites, then add a summary of each Pwned A/W.
1 vote
This already exists: https://haveibeenpwned.com/PwnedWebsites
-
Add an option to search breached accounts through a username
And it could work that if there are multiple accounts using the same username then you for example can choose the one that's yours
1 vote
HIBP already has this construct: https://www.troyhunt.com/searching-snapchat-data-breach-with/
But it’s very rarely used as usernames are difficult to parse out, not unique to an individual and almost always accompany email addresses which can more reliably be searched.
-
Search by email address domain?
I have my own domain with a catch-all service. Every website I register gets a different mail address, which makes it easier to block addresses that receive spam (after a leak) and to check if the sender is really the sender. Checking each mail address individually is time consuming; can I somehow check all mail addresses ending with my specific domain?
1 vote
Try the domain search link on the website.
-
Automation / ML / NLP for surfacing "sensitive" breaches
Curious about your thoughts on using some sort of automation / aggregation / ML to help classify what constitutes a "sensitive" breach, and also what the most up-to-date state of "sensitive breach" classification logic is.
Would also be great to have an easy-to-find and up-to-date list of what those sites are.
1 vote
This is already available on the website under the breach description here: https://haveibeenpwned.com/PwnedWebsites
Or via the API here: https://haveibeenpwned.com/API/v3#AllBreaches
-
Top list of worst passwords
Not sure how prevalent very popular passwords are, so I'd suggest, if possible, it would be a really nice feature to see the worst offenders in order of most reused.
For instance "password", is its millions of instances actually #1 or is something else more prevalent?
Seeing the worst of the worst in terms of commonality/instances of use would be a nice tool for average users to gauge just exactly how bad that "Password1!" workaround really is.
1 vote
Try this list from the NCSC: https://www.ncsc.gov.uk/blog-post/passwords-passwords-everywhere
-
Being able to clear the history of breaches.
I would love to be able to clear the breached websites that my email address has. I think this would be a great addition to the opt-out feature.
1 vote
This is pretty much what one of the opt-out options already does: “delete all data breaches against my email address”.
-
Cannot make a one-time payment from a debit card.
You should also add debit cards and UPI as payment options.
1 vote
Payment via debit card is already supported.
-
Opt-in / Change opt-out type
It would be great to add opt-in / change opt-out type after user opted-out. For example, I started using 1password, so I would like to switch from "visible just to me" to "delete all previous breaches" so that I can get notification in 1password, resolve it and then "delete all breaches" again.
3 votes
You can already do this, just opt out again.
-
Provide further evidence to validate how secure this site is
Given the fact a lot of users who come to this site may already be "super" worried about putting their email address "anywhere" online due to the fact they will have come to this site pretty much following a data breach story and / or because their own account has been compromised, without giving too much away to those that like to hack, would very much appreciate a way in which you could prove an email address is not stored for a user to feel relieved / happy they can use your site confidently and enter an email address.
I…
1 vote
I honestly can’t see what more I can do beyond what’s already here: https://haveibeenpwned.com/About
Beyond that, all I can add is “don’t share anything with a service you don’t trust” 🤷♂️
-
Please, could you explain what the meaning of "pwned" is in English? I can't find it in any English dictionary.
1 vote
Updated the FAQs today, have a look at the first one here: https://haveibeenpwned.com/FAQs
-
Allow CSIRTs to be able to monitor their constituents domains
CSIRTs usually monitor their customers' domains in order to warn them about potential breaches, vulnerabilities and incidents related to them. It would be good to allow CSIRTs covering a large constituency (like national CSIRTs, industry CSIRTs, academic CSIRTs) to monitor their constituents' domains by accessing the info in a convenient way (by signing, for example, an NDA, compromise, etc.)
1 vote
This is already possible via Enterprise services, get in touch for more: https://www.troyhunt.com/contact/
-
V5 files contain seeded hashes?
The latest V5 password files sorted by hash come up negative with all tested passwords. It looks like the hashes are seeded or non-standard. This applies to both SHA1 and NTLM files of version V5.
1 vote
-
Add search passwords by a hash value
Let users use pre-generated hash values to search. Yeah, I know you calculate hashes of typed passwords on a client side, but some people still prefer not to type their password on 3rd party sites.
25 votes
Well and truly done and available here: https://haveibeenpwned.com/Passwords
Docs for k-anonymity: https://haveibeenpwned.com/API/v3#PwnedPasswords
-
Fix Table of Response Codes within API v3 Documentation
Can you please insert the following into https://haveibeenpwned.com/API/v3#ResponseCodes
- 503 "Service Unavailable" from https://haveibeenpwned.com/API/v3#RateLimiting
- 401 "Unauthorized" from https://haveibeenpwned.com/API/v3#Authorisation
3 votes
Good points, now implemented in source and will be pushed out publicly soon
-
Fix "Pwned Passwords" Two APIs Sentence in Documentation
Please remove "It's also queryable via the following two APIs:" from https://haveibeenpwned.com/API/v3#PwnedPasswords please as the first API is deprecated?
3 votes
Fixed in source and will go out with the next release
-
haveibeenpwned.com/api
I now get this: "You have been blocked from accessing this resource on Have I Been Pwned" when using the URI for account checking. I tried it on 3 systems (IPs) and get the same result
https://haveibeenpwned.com/api/v2/breachedaccount/test@test.com?truncateResponse=true
Is this because of the test@test.com?
1 vote
If you’re accessing the API, make sure you adhere to the requirements, particularly around the UA string: https://haveibeenpwned.com/API/v2#UserAgent
-
Allow viewing of one pwned website at once
On the Pwned Websites list (https://haveibeenpwned.com/PwnedWebsites), there is no way to link to a specific site. This could be done easily in two ways:
1) Give each pwned website its own page (e.g. https://haveibeenpwned.com/PwnedWebsites/Verifications-IO) that just gives that website's description.
2) Add an anchor link to each pwned website's header so we can deep-link directly to one site.
Ideally both could be done, and should be relatively easy (I think).
The reason I want this is that I monitor our corporate network for any corporate accounts that are included in breaches, and let people know about them.…
1 vote
So this was always possible (each breach has an anchor that can be linked to), but there wasn’t an easily clickable reference. I’ve just added a permalink under each breach description which should make this easier. It’s now deploying, let that finish and allow cache to flush and it’ll be good.
-
Add support for NTLM(MD4) hashes to enable Active Directory auditing
I wanted to use the list to check existing Active Directory (AD) passwords against this wonderful HIBP list, but the problem is that neither the API nor the offline list support MD4 hashes (AKA NT one-way function or NTLM hash) that are stored in AD databases (together with salted SHA1 and MD5, which therefore cannot be precomputed).
Would it please be possible to also add support for this (weaker) type of hashes? It would be great to have them available at least through the API and ideally also in a downloadable form.
30 votes
This was completed last year, I just forgot to update the status!
More here: https://www.troyhunt.com/pwned-passwords-now-as-ntlm-hashes/