HIBP FAQs

Question 1

How does the password check work?

Accepted Answer

The password check uses k-anonymity, a technique where only the first five characters of the SHA-1 hash of your password are sent to the API, preventing your full password from being exposed.

Question 2

How can I use HIBP with Claude?

Accepted Answer

HIBP integrates with Claude via the Model Context Protocol (MCP). You can install and configure the HIBP MCP server to allow Claude to check for data breaches directly from your prompts.

Question 3

What does HIBP do?

Accepted Answer

HIBP (Have I Been Pwned) checks if your email address or password has been compromised in any known data breaches. It leverages the Have I Been Pwned API to provide up-to-date breach information.

Question 4

Do I need an API key to use HIBP?

Accepted Answer

For most features, including email breach lookups and retrieving breach details, you need a Have I Been Pwned API key. You can obtain one from haveibeenpwned.com/API/Key.

Question 5

What kind of information does HIBP provide about breaches?

Accepted Answer

HIBP can provide detailed information about specific breaches, including the date of the breach, the domain affected, the types of data leaked (e.g., email addresses, passwords), and a description of the event.

HIBP

About

Key Features

Use Cases