HaveIBeenPwned

Have I Been Pwned (HIBP) is Troy Hunt's free breach-notification and credential-exposure service. The HIBP API v3 lets clients search for email addresses, pastes, stealer-log entries, and monitored domains across the world's largest aggregated breach corpus. A separate free k-anonymity password lookup is offered at api.pwnedpasswords.com.

2 APIs · 3 Capabilities · 8 Features
Security · Breach Notification · Credential Stuffing · Stealer Logs · K-Anonymity · Privacy · Identity

APIs

HIBP API v3

Authenticated REST API for searching breaches, pastes, stealer logs, and monitored domains. Requires a paid hibp-api-key. Public read endpoints (/breaches, /breach/{name}, /late...

Pwned Passwords

Free, unauthenticated k-anonymity API for checking whether a password's SHA-1 (or NTLM) hash appears in the HIBP credential corpus. Funded by Cloudflare; no API key required.

Capabilities

Features

Email Breach Search

Look up all breaches containing an email address.

K-Anonymity Email Search

Privacy-preserving breach lookup by SHA-1 prefix.

Paste Search

Discover paste-site dumps referencing an email.

Stealer Log Lookup

Surface infostealer captures by email, website domain, or email domain.

Domain Monitoring

Subscribe to monitor owned domains via DNS or email verification.

Subscribed Domains Inventory

Inspect monitored domains and pending renewals.

Pwned Passwords (Free)

K-anonymity password compromise lookups with optional response padding.

Subscription Tier Introspection

Inspect the calling key's tier, RPM, and feature flags.

Use Cases

Account Takeover Prevention

Block sign-ups using credentials known to be in public breaches.

Incident Response Triage

Quickly enumerate breaches and pastes touching an affected user.

Domain Risk Monitoring

Continuously detect when a domain's users appear in new breaches.

Password Strength Enforcement

Reject candidate passwords already present in the Pwned Passwords corpus.

Stealer Log Notification

Detect infostealer-captured credentials before adversaries weaponize them.

Integrations

1Password Watchtower

1Password leverages Pwned Passwords to flag compromised credentials.

Mozilla Firefox Monitor

Firefox's breach-notification feature is powered by HIBP.

Okta / Auth0

Identity providers use Pwned Passwords to enforce password policies.

Cloudflare

Cloudflare hosts and accelerates the Pwned Passwords k-anonymity API.

Microsoft Entra (Azure AD)

Banned-password lists can incorporate Pwned Passwords data.

Solutions

Pwned 1

Entry tier ($3.95/mo) for hobbyists and small projects.

Pwned 2

Mid-volume tier with stealer-log access.

Pwned 3

High-volume tier for security vendors and MSSPs.

Pwned 4

Enterprise tier with auto subdomain verification.

Pwned 5

Top tier ($995/mo) for large identity-protection platforms.

Pwned Passwords (Free)

Always-free k-anonymity password lookup at api.pwnedpasswords.com.

Semantic Vocabularies

Haveibeenpwned Context

12 classes · 22 properties

JSON-LD

API Governance Rules

HaveIBeenPwned API Rules

12 rules · 5 errors · 7 warnings

SPECTRAL

Resources

Website
Portal
SignUp
Pricing
Plans
RateLimits
TermsOfService
PrivacyPolicy
StatusPage
Blog
GitHubOrganization
Support
FAQ
PublicAPIsListing
SpectralRules
JSONLD
Vocabulary
Shared HIBP Capabilities · NaftikoCapability
Account Breach Triage Workflow · NaftikoCapability
Domain Monitoring Workflow · NaftikoCapability
Password Pwned Check Workflow · NaftikoCapability
Email Address Extractor (CLI) · Tools
Pwned Passwords Downloader (CLI) · Tools
Cloudflare Prometheus Exporter · Tools
Branding

Sources

aid: haveibeenpwned
name: HaveIBeenPwned
description: >-
  Have I Been Pwned (HIBP) is Troy Hunt's free breach-notification and credential-exposure
  service. The HIBP API v3 lets clients search for email addresses, pastes, stealer-log
  entries, and monitored domains across the world's largest aggregated breach corpus. A
  separate free k-anonymity password lookup is offered at api.pwnedpasswords.com.
url: https://haveibeenpwned.com/API/v3
specificationVersion: '0.20'
created: '2026-05-28'
modified: '2026-05-30'
x-type: company
x-source: public-apis/public-apis
x-category: Security
x-tier: 1
x-tier-reason: real-profile-with-artifacts
image: https://haveibeenpwned.com/Content/Images/PwnedLogoLargeFollowed.png
tags:
  - Security
  - Breach Notification
  - Credential Stuffing
  - Stealer Logs
  - K-Anonymity
  - Privacy
  - Identity
apis:
  - name: HIBP API v3
    description: >-
      Authenticated REST API for searching breaches, pastes, stealer logs, and monitored
      domains. Requires a paid hibp-api-key. Public read endpoints (/breaches, /breach/{name},
      /latestbreach, /dataclasses) are free and unauthenticated.
    humanURL: https://haveibeenpwned.com/API/v3
    baseURL: https://haveibeenpwned.com/api/v3
    tags:
      - Security
      - Breach
      - Stealer Logs
    properties:
      - type: Documentation
        url: https://haveibeenpwned.com/API/v3
      - type: APIReference
        url: https://haveibeenpwned.com/API/v3
      - type: Authentication
        url: https://haveibeenpwned.com/API/Key
      - type: OpenAPI
        url: openapi/hibp-openapi.yml
      - type: JSONSchema
        url: json-schema/hibp-breach-schema.json
        title: Breach Schema
      - type: JSONSchema
        url: json-schema/hibp-paste-schema.json
        title: Paste Schema
      - type: JSONSchema
        url: json-schema/hibp-subscribed-domain-schema.json
        title: Subscribed Domain Schema
      - type: JSONSchema
        url: json-schema/hibp-subscription-status-schema.json
        title: Subscription Status Schema
      - type: JSONSchema
        url: json-schema/hibp-breached-account-range-entry-schema.json
        title: Breached Account Range Entry Schema
      - type: JSONStructure
        url: json-structure/hibp-breach-structure.json
        title: Breach Structure
      - type: JSONStructure
        url: json-structure/hibp-paste-structure.json
        title: Paste Structure
      - type: JSONStructure
        url: json-structure/hibp-subscription-status-structure.json
        title: Subscription Status Structure
      - type: Example
        url: examples/hibp-get-breaches-for-account-example.json
      - type: Example
        url: examples/hibp-get-breaches-by-range-example.json
      - type: Example
        url: examples/hibp-list-breaches-example.json
      - type: Example
        url: examples/hibp-get-breach-by-name-example.json
      - type: Example
        url: examples/hibp-get-latest-breach-example.json
      - type: Example
        url: examples/hibp-list-data-classes-example.json
      - type: Example
        url: examples/hibp-get-pastes-for-account-example.json
      - type: Example
        url: examples/hibp-get-stealer-logs-by-email-example.json
      - type: Example
        url: examples/hibp-get-stealer-logs-by-website-domain-example.json
      - type: Example
        url: examples/hibp-get-stealer-logs-by-email-domain-example.json
      - type: Example
        url: examples/hibp-get-breached-domain-example.json
      - type: Example
        url: examples/hibp-list-subscribed-domains-example.json
      - type: Example
        url: examples/hibp-get-subscription-status-example.json
      - type: Example
        url: examples/hibp-generate-dns-token-example.json
      - type: RateLimits
        url: rate-limits/haveibeenpwned-rate-limits.yml
  - name: Pwned Passwords
    description: >-
      Free, unauthenticated k-anonymity API for checking whether a password's SHA-1 (or NTLM)
      hash appears in the HIBP credential corpus. Funded by Cloudflare; no API key required.
    humanURL: https://haveibeenpwned.com/API/v3#PwnedPasswords
    baseURL: https://api.pwnedpasswords.com
    tags:
      - Security
      - Passwords
      - K-Anonymity
    properties:
      - type: Documentation
        url: https://haveibeenpwned.com/API/v3#PwnedPasswords
      - type: OpenAPI
        url: openapi/pwned-passwords-openapi.yml
      - type: JSONSchema
        url: json-schema/pwned-passwords-range-result-schema.json
        title: Range Result Schema
      - type: Example
        url: examples/pwned-passwords-search-range-example.json
      - type: SDK
        url: https://github.com/HaveIBeenPwned/PwnedPasswordsAzureFunction
        title: Azure Function Reference Implementation
      - type: SDK
        url: https://github.com/HaveIBeenPwned/PwnedPasswordsCloudflareWorker
        title: Cloudflare Worker Reference Implementation
      - type: Tools
        url: https://github.com/HaveIBeenPwned/PwnedPasswordsDownloader
        title: Pwned Passwords Downloader CLI
common:
  - type: Website
    url: https://haveibeenpwned.com
  - type: Portal
    url: https://haveibeenpwned.com
  - type: SignUp
    url: https://haveibeenpwned.com/API/Key
  - type: Pricing
    url: https://haveibeenpwned.com/API/Key
  - type: Plans
    url: plans/haveibeenpwned-plans-pricing.yml
  - type: RateLimits
    url: rate-limits/haveibeenpwned-rate-limits.yml
  - type: TermsOfService
    url: https://haveibeenpwned.com/API/v3#License
  - type: PrivacyPolicy
    url: https://haveibeenpwned.com/Privacy
  - type: StatusPage
    url: https://status.haveibeenpwned.com
  - type: Blog
    url: https://www.troyhunt.com
  - type: GitHubOrganization
    url: https://github.com/HaveIBeenPwned
  - type: Support
    url: https://haveibeenpwned.com/Contact
  - type: FAQ
    url: https://haveibeenpwned.com/FAQs
  - type: PublicAPIsListing
    url: https://github.com/public-apis/public-apis
  - type: SpectralRules
    url: rules/hibp-rules.yml
  - type: JSONLD
    url: json-ld/haveibeenpwned-context.jsonld
  - type: Vocabulary
    url: vocabulary/haveibeenpwned-vocabulary.yml
  - type: NaftikoCapability
    url: capabilities/shared/hibp-shared.yaml
    title: Shared HIBP Capabilities
  - type: NaftikoCapability
    url: capabilities/account-breach-triage.yaml
    title: Account Breach Triage Workflow
  - type: NaftikoCapability
    url: capabilities/domain-monitoring.yaml
    title: Domain Monitoring Workflow
  - type: NaftikoCapability
    url: capabilities/password-pwned-check.yaml
    title: Password Pwned Check Workflow
  - type: Tools
    url: https://github.com/HaveIBeenPwned/EmailAddressExtractor
    title: Email Address Extractor (CLI)
  - type: Tools
    url: https://github.com/HaveIBeenPwned/PwnedPasswordsDownloader
    title: Pwned Passwords Downloader (CLI)
  - type: Tools
    url: https://github.com/HaveIBeenPwned/cloudflare-prometheus-exporter
    title: Cloudflare Prometheus Exporter
  - type: Branding
    url: https://github.com/HaveIBeenPwned/Branding
  - type: Features
    data:
      - name: Email Breach Search
        description: Lookup all breaches containing an email address.
      - name: K-Anonymity Email Search
        description: Privacy-preserving breach lookup by SHA-1 prefix.
      - name: Paste Search
        description: Discover paste-site dumps referencing an email.
      - name: Stealer Log Lookup
        description: Surface infostealer captures by email, website domain, or email domain.
      - name: Domain Monitoring
        description: Subscribe to monitor owned domains via DNS or email verification.
      - name: Subscribed Domains Inventory
        description: Inspect monitored domains and pending renewals.
      - name: Pwned Passwords (Free)
        description: K-anonymity password compromise lookups with optional response padding.
      - name: Subscription Tier Introspection
        description: Inspect the calling key's tier, RPM, and feature flags.
  - type: UseCases
    data:
      - name: Account Takeover Prevention
        description: Block sign-ups using credentials known to be in public breaches.
      - name: Incident Response Triage
        description: Quickly enumerate breaches and pastes touching an affected user.
      - name: Domain Risk Monitoring
        description: Continuously detect when a domain's users appear in new breaches.
      - name: Password Strength Enforcement
        description: Reject candidate passwords already present in the Pwned Passwords corpus.
      - name: Stealer Log Notification
        description: Detect infostealer-captured credentials before adversaries weaponize them.
  - type: Integrations
    data:
      - name: 1Password Watchtower
        description: 1Password leverages Pwned Passwords to flag compromised credentials.
      - name: Mozilla Firefox Monitor
        description: Firefox's breach-notification feature is powered by HIBP.
      - name: Okta / Auth0
        description: Identity providers use Pwned Passwords to enforce password policies.
      - name: Cloudflare
        description: Cloudflare hosts and accelerates the Pwned Passwords k-anonymity API.
      - name: Microsoft Entra (Azure AD)
        description: Banned-password lists can incorporate Pwned Passwords data.
  - type: Solutions
    data:
      - name: Pwned 1
        description: Entry tier ($3.95/mo) for hobbyists and small projects.
      - name: Pwned 2
        description: Mid-volume tier with stealer-log access.
      - name: Pwned 3
        description: High-volume tier for security vendors and MSSPs.
      - name: Pwned 4
        description: Enterprise tier with auto subdomain verification.
      - name: Pwned 5
        description: Top tier ($995/mo) for large identity-protection platforms.
      - name: Pwned Passwords (Free)
        description: Always-free k-anonymity password lookup at api.pwnedpasswords.com.
maintainers:
  - FN: Kin Lane
    email: [email protected]