Utilising the HaveIBeenPwned.com API, check whether email addresses and/or user names have been present in a publicly disclosed data breach.

The R package aims to be / is a feature complete wrapper of the HaveIBeenPowned API, and is useful for situations where you may want to assess data breaches or check whether one or more email addresses have been compromised.

If you get a lot of value out of this package, do consider donating to HIBP since Troy Hunt does not put any limits on the API and it’s a tremendous service.

library("HIBPwned")
account_breaches("steff.sullivan@gmail.com", truncate=TRUE)
## http error code: 403
## Try number 2
## http error code: 403
## Try number 3
## http error code: 403
## Try number 4
## http error code: 403
## Try number 5
## http error code: 403
## Try number 6
## This is the last try, if it fails will return NULL
## http error code: 403
## $`steff.sullivan@gmail.com`
## NULL
breached_sites("adobe.com")
##    Name Title    Domain BreachDate            AddedDate
## 1 Adobe Adobe adobe.com 2013-10-04 2013-12-04T00:00:00Z
##           ModifiedDate  PwnCount
## 1 2013-12-04T00:00:00Z 152445165
##                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       Description
## 1 In October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email, <em>encrypted</em> password and a password hint in plain text. The password cryptography was poorly done and <a href="http://stricture-group.com/files/adobe-top100.txt" target="_blank" rel="noopener">many were quickly resolved back to plain text</a>. The unencrypted hints also <a href="http://www.troyhunt.com/2013/11/adobe-credentials-and-serious.html" target="_blank" rel="noopener">disclosed much about the passwords</a> adding further to the risk that hundreds of millions of Adobe customers already faced.
##                                                         LogoPath
## 1 https://haveibeenpwned.com/Content/Images/PwnedLogos/Adobe.png
##                                             DataClasses IsVerified
## 1 Email addresses, Password hints, Passwords, Usernames       TRUE
##   IsFabricated IsSensitive IsRetired IsSpamList
## 1        FALSE       FALSE     FALSE      FALSE
breached_site("Adobe")
##    Name Title    Domain BreachDate            AddedDate
## 1 Adobe Adobe adobe.com 2013-10-04 2013-12-04T00:00:00Z
##           ModifiedDate  PwnCount
## 1 2013-12-04T00:00:00Z 152445165
##                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       Description
## 1 In October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email, <em>encrypted</em> password and a password hint in plain text. The password cryptography was poorly done and <a href="http://stricture-group.com/files/adobe-top100.txt" target="_blank" rel="noopener">many were quickly resolved back to plain text</a>. The unencrypted hints also <a href="http://www.troyhunt.com/2013/11/adobe-credentials-and-serious.html" target="_blank" rel="noopener">disclosed much about the passwords</a> adding further to the risk that hundreds of millions of Adobe customers already faced.
##                                                         LogoPath
## 1 https://haveibeenpwned.com/Content/Images/PwnedLogos/Adobe.png
##                                             DataClasses IsVerified
## 1 Email addresses, Password hints, Passwords, Usernames       TRUE
##   IsFabricated IsSensitive IsRetired IsSpamList
## 1        FALSE       FALSE     FALSE      FALSE
##   [1] "Account balances"                 "Address book contacts"           
##   [3] "Age groups"                       "Ages"                            
##   [5] "Apps installed on devices"        "Astrological signs"              
##   [7] "Audio recordings"                 "Auth tokens"                     
##   [9] "Avatars"                          "Bank account numbers"            
##  [11] "Beauty ratings"                   "Biometric data"                  
##  [13] "Bios"                             "Browser user agent details"      
##  [15] "Browsing histories"               "Buying preferences"              
##  [17] "Car ownership statuses"           "Career levels"                   
##  [19] "Cellular network names"           "Charitable donations"            
##  [21] "Chat logs"                        "Credit card CVV"                 
##  [23] "Credit cards"                     "Credit status information"       
##  [25] "Customer feedback"                "Customer interactions"           
##  [27] "Dates of birth"                   "Deceased date"                   
##  [29] "Deceased statuses"                "Device information"              
##  [31] "Device usage tracking data"       "Drinking habits"                 
##  [33] "Drug habits"                      "Eating habits"                   
##  [35] "Education levels"                 "Email addresses"                 
##  [37] "Email messages"                   "Employers"                       
##  [39] "Employment statuses"              "Ethnicities"                     
##  [41] "Family members' names"            "Family plans"                    
##  [43] "Family structure"                 "Financial investments"           
##  [45] "Financial transactions"           "Fitness levels"                  
##  [47] "Genders"                          "Geographic locations"            
##  [49] "Government issued IDs"            "Health insurance information"    
##  [51] "Historical passwords"             "Home loan information"           
##  [53] "Home ownership statuses"          "Homepage URLs"                   
##  [55] "IMEI numbers"                     "IMSI numbers"                    
##  [57] "Income levels"                    "Instant messenger identities"    
##  [59] "IP addresses"                     "Job titles"                      
##  [61] "MAC addresses"                    "Marital statuses"                
##  [63] "Names"                            "Nationalities"                   
##  [65] "Net worths"                       "Nicknames"                       
##  [67] "Occupations"                      "Parenting plans"                 
##  [69] "Partial credit card data"         "Passport numbers"                
##  [71] "Password hints"                   "Passwords"                       
##  [73] "Payment histories"                "Payment methods"                 
##  [75] "Personal descriptions"            "Personal health data"            
##  [77] "Personal interests"               "Phone numbers"                   
##  [79] "Photos"                           "Physical addresses"              
##  [81] "Physical attributes"              "PINs"                            
##  [83] "Political donations"              "Political views"                 
##  [85] "Private messages"                 "Professional skills"             
##  [87] "Profile photos"                   "Purchases"                       
##  [89] "Purchasing habits"                "Races"                           
##  [91] "Recovery email addresses"         "Relationship statuses"           
##  [93] "Religions"                        "Reward program balances"         
##  [95] "Salutations"                      "School grades (class levels)"    
##  [97] "Security questions and answers"   "Sexual fetishes"                 
##  [99] "Sexual orientations"              "Smoking habits"                  
## [101] "SMS messages"                     "Social connections"              
## [103] "Social media profiles"            "Social security numbers"         
## [105] "Spoken languages"                 "Support tickets"                 
## [107] "Survey results"                   "Time zones"                      
## [109] "Travel habits"                    "User statuses"                   
## [111] "User website URLs"                "Usernames"                       
## [113] "Utility bills"                    "Vehicle details"                 
## [115] "Website activity"                 "Work habits"                     
## [117] "Years of birth"                   "Years of professional experience"