.png?sv=2019-07-07&sig=tB4A62hSSpfZ6hevHsAlDmo52ATX3X9BPFgK5PhKQj4%3D&spr=https%2Chttp&st=2023-09-24T00%3A13%3A32Z&se=2023-09-24T00%3A23%3A32Z&srt=o&ss=b&sp=r){kind=logo}
Have I Been Pwned
- 13 Mar 2023
- 1 Minute to read
- Print
- DarkLight
- PDF
Have I Been Pwned
- Updated on 13 Mar 2023
- 1 Minute to read
- Print
- DarkLight
- PDF
Article Summary
Share feedback
Thanks for sharing your feedback!
Have I Been Pwned is a website to check whether email accounts have been compromised in a data breach.
The Enrich User Data by Have I Been Pwned (HIBP) adapter uses the HIBP API to provide information on breaches, pastes and pwned password identified by the 'Have I Been Pwned' (HIBP) website for a given email account.
NOTE
For details on the breaches, pastes and pwned password identified by 'Have I Been Pwned' (HIBP) API, see HIBP API.
The Have I Been Pwned adapter connection requires the following values:
- Have I Been Pwned Domain - Specify the Have I Been Pwned (HIBP) domain or use the default configured HIBP public domain. This allows you to use the domain of a proxy instead of connecting directly to the server using the default domain of https://haveibeenpwned.com.
- API Key - Use the API key you purchased from 'Have I Been Pwned'.
- Account Email - Specify a specific email account (e.g. axonius@axonius.com).
NOTE
To run the HIBP query against multiple Account Emails, you must use the Enrich User Data with Have I Been Pwned Enforcement Center action.
- Verify SSL - Choose whether to verify the SSL certificate of the server.
- HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.
- Rate Limit (requests per minute) (optional, default: 10) - Use this field to handle rate limit issues by HIBP documentation. It is possible to buy an account with a better rate limit.
