haveibeenpwned.com is a wonderful service created and managed by Troy Hunt. I’ve been using it personally to monitor my own email accounts, and at every company where security was my responsibility I set up haveibeenpwned.com to monitor at the domain level. The reason is very simple: in the course of performing their tasks, employees create accounts on many websites and applications, sometimes uploading customer data, leaving a trail of potentially reused passwords. Every time there’s a breach of one account, that could grow into the breach of many others or the leak of sensitive information.

haveibeenpwned.com sends you a report of the breaches, which I found required quite a lot of manual work on my part to get things unbreached to the level I was happy with. That’s why I created Unbreach. Unbreach directly notifies each employee at your company when their email is found in a data breach and shows them a list of all their breaches, where they can track which passwords they have already changed. That screen looks like this:

For you, it shows a dashboard of all employees and all breaches, including who was affected by what, which breaches remain open, and which are unbreached. It looks like this… if your team is the Avengers, that is:

This extra functionality, which I can summarize as a to-do list of passwords to change and a dashboard of open and closed breaches, is what Unbreach provides, and why I created it.

We currently pay haveibeenpwned.com for an API key. If Unbreach takes off commercially, we hope to find a way to pay more for that API access because it would be too cheap. One can only dream of one day collaborating closely with Troy Hunt.
