Part of my (slowly) working pipeline of coding projects has been an R package that wraps the fantastic HaveIBeenPwned.com API.
If you’re not already familiar with HaveIBeenPwned, rectify the situation, NOW! Don’t worry about continuing to read the rest of the post; getting yourself signed up for account breach notifications is way more important!
With that stern admonishment out of the way…
HIBPwned is a feature-complete R package that allows you to use every (currently) available endpoint of the API. It’s vectorised, so there is no need to loop through email addresses, and it requires no fiddling with authentication or keys.
You can use HIBPwned to do things like:
- Set up your own notification system for account breaches of myriad email addresses & user names that you have
- Check for compromised company email accounts from within your company Active Directory
- Analyse past data breaches and produce charts like Dave McCandless’ Breach chart
What you can’t do:
- Get account breaches for sensitive data breaches – these are by notification only
- Analyse account overlap between breaches
- Produce lists of common passwords
Barring the first item, it’s possible these could eventually be added to the API as features. If there are any features you’d like to see, make a suggestion. As always, Troy provides this vital service on his own dime, so do consider donating to support the site!
PS: We shifted HIBPwned to the Censornet GitHub and released it from there as part of the company’s commitment to open source endeavours and the InfoSec community. Expect more in future!