Have I Been Pwned? API

Steph Locke

2016-09-14

Utilising the HaveIBeenPwned.com API, check whether email addresses and/or user names have been present in a publicly disclosed data breach.

The R package aims to be / is a feature complete wrapper of the HaveIBeenPowned API, and is useful for situations where you may want to assess data breaches or check whether one or more email addresses have been compromised.

If you get a lot of value out of this package, do consider donating to HIBP since Troy Hunt does not put any limits on the API and it’s a tremendous service.

library("HIBPwned")
account_breaches("steff.sullivan@gmail.com", truncate=TRUE)
## $`steff.sullivan@gmail.com`
##       Name
## 1    Adobe
## 2 LinkedIn
breached_sites("adobe.com")
##   Title  Name    Domain BreachDate            AddedDate  PwnCount
## 1 Adobe Adobe adobe.com 2013-10-04 2013-12-04T00:00:00Z 152445165
##                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       Description
## 1 In October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email, <em>encrypted</em> password and a password hint in plain text. The password cryptography was poorly done and <a href="http://stricture-group.com/files/adobe-top100.txt" target="_blank" rel="noopener">many were quickly resolved back to plain text</a>. The unencrypted hints also <a href="http://www.troyhunt.com/2013/11/adobe-credentials-and-serious.html" target="_blank" rel="noopener">disclosed much about the passwords</a> adding further to the risk that hundreds of millions of Adobe customers already faced.
##                                             DataClasses IsVerified
## 1 Email addresses, Password hints, Passwords, Usernames       TRUE
##   IsSensitive IsActive IsRetired LogoType
## 1       FALSE     TRUE     FALSE      svg
breached_site("Adobe")
##   Title  Name    Domain BreachDate            AddedDate  PwnCount
## 1 Adobe Adobe adobe.com 2013-10-04 2013-12-04T00:00:00Z 152445165
##                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       Description
## 1 In October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email, <em>encrypted</em> password and a password hint in plain text. The password cryptography was poorly done and <a href="http://stricture-group.com/files/adobe-top100.txt" target="_blank" rel="noopener">many were quickly resolved back to plain text</a>. The unencrypted hints also <a href="http://www.troyhunt.com/2013/11/adobe-credentials-and-serious.html" target="_blank" rel="noopener">disclosed much about the passwords</a> adding further to the risk that hundreds of millions of Adobe customers already faced.
##                                             DataClasses IsVerified
## 1 Email addresses, Password hints, Passwords, Usernames       TRUE
##   IsSensitive IsActive IsRetired LogoType
## 1       FALSE     TRUE     FALSE      svg
data_classes()
##  [1] "Account balances"               "Age groups"                    
##  [3] "Astrological signs"             "Avatars"                       
##  [5] "Bank account numbers"           "Banking PINs"                  
##  [7] "Beauty ratings"                 "Biometric data"                
##  [9] "Browser user agent details"     "Car ownership statuses"        
## [11] "Career levels"                  "Chat logs"                     
## [13] "Credit card CVV"                "Credit cards"                  
## [15] "Credit status information"      "Customer feedback"             
## [17] "Customer interactions"          "Dates of birth"                
## [19] "Device information"             "Device usage tracking data"    
## [21] "Drinking habits"                "Drug habits"                   
## [23] "Education levels"               "Email addresses"               
## [25] "Email messages"                 "Employers"                     
## [27] "Ethnicities"                    "Family members' names"         
## [29] "Family plans"                   "Family structure"              
## [31] "Financial transactions"         "Fitness levels"                
## [33] "Genders"                        "Geographic locations"          
## [35] "Government issued IDs"          "Historical passwords"          
## [37] "Home ownership statuses"        "Homepage URLs"                 
## [39] "Income levels"                  "Instant messenger identities"  
## [41] "IP addresses"                   "Job titles"                    
## [43] "MAC addresses"                  "Marital statuses"              
## [45] "Names"                          "Nicknames"                     
## [47] "Parenting plans"                "Partial credit card data"      
## [49] "Passport numbers"               "Password hints"                
## [51] "Passwords"                      "Payment histories"             
## [53] "Payment methods"                "Personal descriptions"         
## [55] "Personal interests"             "Phone numbers"                 
## [57] "Physical addresses"             "Physical attributes"           
## [59] "Political views"                "Private messages"              
## [61] "Purchases"                      "Purchasing habits"             
## [63] "Races"                          "Recovery email addresses"      
## [65] "Relationship statuses"          "Religions"                     
## [67] "Reward program balances"        "Salutations"                   
## [69] "Security questions and answers" "Sexual fetishes"               
## [71] "Sexual orientations"            "Smoking habits"                
## [73] "SMS messages"                   "Social connections"            
## [75] "Spoken languages"               "Time zones"                    
## [77] "Travel habits"                  "User statuses"                 
## [79] "User website URLs"              "Usernames"                     
## [81] "Website activity"               "Work habits"                   
## [83] "Years of birth"