HaveIBeenPwned website screenshot

HaveIBeenPwned

Have I Been Pwned (HIBP) is Troy Hunt's free breach-notification and credential-exposure service. The HIBP API v3 lets clients search for email addresses, pastes, stealer-log entries, and monitored domains across the world's largest aggregated breach corpus. A separate free k-anonymity password lookup is offered at api.pwnedpasswords.com.

2 APIs 8 Features
SecurityBreach NotificationCredential StuffingStealer LogsK-AnonymityPrivacyIdentity

APIs

HIBP API v3

Authenticated REST API for searching breaches, pastes, stealer logs, and monitored domains. Requires a paid hibp-api-key. Public read endpoints (/breaches, /breach/{name}, /late...

Pwned Passwords

Free, unauthenticated k-anonymity API for checking whether a password's SHA-1 (or NTLM) hash appears in the HIBP credential corpus. Funded by Cloudflare; no API key required.

Collections

Pricing Plans

Rate Limits

Haveibeenpwned Rate Limits

0 limits

RATE LIMITS

FinOps

Features

Email Breach Search

Lookup all breaches containing an email address.

K-Anonymity Email Search

Privacy-preserving breach lookup by SHA-1 prefix.

Paste Search

Discover paste-site dumps referencing an email.

Stealer Log Lookup

Surface infostealer captures by email, website domain, or email domain.

Domain Monitoring

Subscribe to monitor owned domains via DNS or email verification.

Subscribed Domains Inventory

Inspect monitored domains and pending renewals.

Pwned Passwords (Free)

K-anonymity password compromise lookups with optional response padding.

Subscription Tier Introspection

Inspect the calling key's tier, RPM, and feature flags.

Use Cases

Account Takeover Prevention

Block sign-ups using credentials known to be in public breaches.

Incident Response Triage

Quickly enumerate breaches and pastes touching an affected user.

Domain Risk Monitoring

Continuously detect when a domain's users appear in new breaches.

Password Strength Enforcement

Reject candidate passwords already present in the Pwned Passwords corpus.

Stealer Log Notification

Detect infostealer-captured credentials before adversaries weaponize them.

Integrations

1Password Watchtower

1Password leverages Pwned Passwords to flag compromised credentials.

Mozilla Firefox Monitor

Firefox's breach-notification feature is powered by HIBP.

Okta / Auth0

Identity providers use Pwned Passwords to enforce password policies.

Cloudflare

Cloudflare hosts and accelerates the Pwned Passwords k-anonymity API.

Microsoft Entra (Azure AD)

Banned-password lists can incorporate Pwned Passwords data.

Solutions

Pwned 1

Entry tier ($3.95/mo) for hobbyists and small projects.

Pwned 2

Mid-volume tier with stealer-log access.

Pwned 3

High-volume tier for security vendors and MSSPs.

Pwned 4

Enterprise tier with auto subdomain verification.

Pwned 5

Top tier ($995/mo) for large identity-protection platforms.

Pwned Passwords (Free)

Always-free k-anonymity password lookup at api.pwnedpasswords.com.

Semantic Vocabularies

Haveibeenpwned Context

12 classes · 22 properties

JSON-LD

API Governance Rules

HaveIBeenPwned API Rules

12 rules · 5 errors 7 warnings

SPECTRAL

JSON Structure

Hibp Breach Structure

0 properties

JSON STRUCTURE

Hibp Paste Structure

0 properties

JSON STRUCTURE

Hibp Subscription Status Structure

0 properties

JSON STRUCTURE

Example Payloads

Hibp List Breaches Example

3 fields

EXAMPLE

Resources

🔗
Website
Website
🌐
Portal
Portal
📝
Signup
Signup
💰
Pricing
Pricing
🔗
Plans
Plans
🔗
RateLimits
RateLimits
📜
TermsOfService
TermsOfService
📜
PrivacyPolicy
PrivacyPolicy
🟢
StatusPage
StatusPage
📰
Blog
Blog
👥
GitHubOrganization
GitHubOrganization
💬
Support
Support
💬
FAQ
FAQ
🔗
PublicAPIsListing
PublicAPIsListing
🔗
SpectralRules
SpectralRules
🔗
JSONLD
JSONLD
🔗
Vocabulary
Vocabulary
🔧
Email Address Extractor (CLI)
Tools
🔧
Pwned Passwords Downloader (CLI)
Tools
🔧
Cloudflare Prometheus Exporter
Tools
🔗
Branding
Branding

Sources

Raw ↑
opencollection: 1.0.0
info:
  name: Pwned Passwords API
  version: 2.0.0
items:
- info:
    name: Range Search
    type: folder
  items:
  - info:
      name: Search By Hash Range
      type: http
    http:
      method: GET
      url: https://api.pwnedpasswords.com/range/:hashPrefix
      headers:
      - name: Add-Padding
        value: ''
      params:
      - name: hashPrefix
        value: ''
        type: path
        description: First 5 characters of the SHA-1 (or NTLM) password hash, uppercase hex.
      - name: mode
        value: ''
        type: query
        description: Hash algorithm. Default is SHA-1; set `ntlm` for NTLM hashes.
    docs: 'Returns suffixes of all SHA-1 (or NTLM) hashes that begin with the supplied 5-character

      prefix, alongside the number of times each hash was observed in breaches.

      '
bundled: true