top | item 45844373

(no title)

froddd | 3 months ago

The details about the “Stealer Logs” on the dashboard even state:

> The websites the stealer logs were captured against are searchable via the HIBP dashboard.

There is no way to use the HIBP dashboard to figure out what domains my email address appears against.

Am I meant to change all passwords associated with that email address? Or do I need to get a paid subscription to query the API to figure out exactly what password(s) to change?

This has always confused me. On the one hand, HIBP is an invaluable service, but, on the other, it does nothing more than stating you’re in trouble, with no clear way forward.

discuss

subscribed|3 months ago

It's quite certainly a up selling attempt. I once spend a couple of hours to see what was actually exposed in the infostealer breach my email appeared (eg: payment data? Physical address? Government id ?) to no avail.

This service is toxic tbh.

Thorrez|3 months ago

The API is free.

https://haveibeenpwned.com/API/v3

Thorrez|3 months ago

You don't need a paid subscription. The API is free.

https://haveibeenpwned.com/API/v3

froddd|3 months ago

The API is not free.

https://haveibeenpwned.com/API/v3#Authorisation