Have I Been Pwned? API

Steph Locke

2017-05-30

Utilising the HaveIBeenPwned.com API, check whether email addresses and/or user names have been present in a publicly disclosed data breach.

The R package aims to be / is a feature complete wrapper of the HaveIBeenPowned API, and is useful for situations where you may want to assess data breaches or check whether one or more email addresses have been compromised.

If you get a lot of value out of this package, do consider donating to HIBP since Troy Hunt does not put any limits on the API and it’s a tremendous service.

library("HIBPwned")
account_breaches("steff.sullivan@gmail.com", truncate=TRUE)
## $`steff.sullivan@gmail.com`
##       Name
## 1    Adobe
## 2 LinkedIn
breached_sites("adobe.com")
##   Title  Name    Domain BreachDate            AddedDate
## 1 Adobe Adobe adobe.com 2013-10-04 2013-12-04T00:00:00Z
##           ModifiedDate  PwnCount
## 1 2013-12-04T00:00:00Z 152445165
##                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       Description
## 1 In October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email, <em>encrypted</em> password and a password hint in plain text. The password cryptography was poorly done and <a href="http://stricture-group.com/files/adobe-top100.txt" target="_blank" rel="noopener">many were quickly resolved back to plain text</a>. The unencrypted hints also <a href="http://www.troyhunt.com/2013/11/adobe-credentials-and-serious.html" target="_blank" rel="noopener">disclosed much about the passwords</a> adding further to the risk that hundreds of millions of Adobe customers already faced.
##                                             DataClasses IsVerified
## 1 Email addresses, Password hints, Passwords, Usernames       TRUE
##   IsFabricated IsSensitive IsActive IsRetired IsSpamList LogoType
## 1        FALSE       FALSE     TRUE     FALSE      FALSE      svg
breached_site("Adobe")
##   Title  Name    Domain BreachDate            AddedDate
## 1 Adobe Adobe adobe.com 2013-10-04 2013-12-04T00:00:00Z
##           ModifiedDate  PwnCount
## 1 2013-12-04T00:00:00Z 152445165
##                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       Description
## 1 In October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email, <em>encrypted</em> password and a password hint in plain text. The password cryptography was poorly done and <a href="http://stricture-group.com/files/adobe-top100.txt" target="_blank" rel="noopener">many were quickly resolved back to plain text</a>. The unencrypted hints also <a href="http://www.troyhunt.com/2013/11/adobe-credentials-and-serious.html" target="_blank" rel="noopener">disclosed much about the passwords</a> adding further to the risk that hundreds of millions of Adobe customers already faced.
##                                             DataClasses IsVerified
## 1 Email addresses, Password hints, Passwords, Usernames       TRUE
##   IsFabricated IsSensitive IsActive IsRetired IsSpamList LogoType
## 1        FALSE       FALSE     TRUE     FALSE      FALSE      svg
data_classes()
##  [1] "Account balances"                 "Age groups"                      
##  [3] "Astrological signs"               "Auth tokens"                     
##  [5] "Avatars"                          "Bank account numbers"            
##  [7] "Banking PINs"                     "Beauty ratings"                  
##  [9] "Biometric data"                   "Browser user agent details"      
## [11] "Car ownership statuses"           "Career levels"                   
## [13] "Chat logs"                        "Credit card CVV"                 
## [15] "Credit cards"                     "Credit status information"       
## [17] "Customer feedback"                "Customer interactions"           
## [19] "Dates of birth"                   "Deceased date"                   
## [21] "Device information"               "Device usage tracking data"      
## [23] "Drinking habits"                  "Drug habits"                     
## [25] "Education levels"                 "Email addresses"                 
## [27] "Email messages"                   "Employers"                       
## [29] "Ethnicities"                      "Family members' names"           
## [31] "Family plans"                     "Family structure"                
## [33] "Financial transactions"           "Fitness levels"                  
## [35] "Genders"                          "Geographic locations"            
## [37] "Government issued IDs"            "Health insurance information"    
## [39] "Historical passwords"             "Home ownership statuses"         
## [41] "Homepage URLs"                    "Income levels"                   
## [43] "Instant messenger identities"     "IP addresses"                    
## [45] "Job titles"                       "MAC addresses"                   
## [47] "Marital statuses"                 "Names"                           
## [49] "Nicknames"                        "Parenting plans"                 
## [51] "Partial credit card data"         "Passport numbers"                
## [53] "Password hints"                   "Passwords"                       
## [55] "Payment histories"                "Payment methods"                 
## [57] "Personal descriptions"            "Personal health data"            
## [59] "Personal interests"               "Phone numbers"                   
## [61] "Physical addresses"               "Physical attributes"             
## [63] "Political views"                  "Private messages"                
## [65] "Professional skills"              "Purchases"                       
## [67] "Purchasing habits"                "Races"                           
## [69] "Recovery email addresses"         "Relationship statuses"           
## [71] "Religions"                        "Reward program balances"         
## [73] "Salutations"                      "Security questions and answers"  
## [75] "Sexual fetishes"                  "Sexual orientations"             
## [77] "Smoking habits"                   "SMS messages"                    
## [79] "Social connections"               "Spoken languages"                
## [81] "Survey results"                   "Time zones"                      
## [83] "Travel habits"                    "User statuses"                   
## [85] "User website URLs"                "Usernames"                       
## [87] "Utility bills"                    "Website activity"                
## [89] "Work habits"                      "Years of birth"                  
## [91] "Years of professional experience"