skopio
Skopio/Glossary/Have I Been Pwned (HIBP)

What is Have I Been Pwned (HIBP)?

Have I Been Pwned (HIBP) is the most authoritative public breach-search service, maintained by Troy Hunt since 2013, allowing free checks of whether your email or password appears in any disclosed data breach.

Definition

HIBP (haveibeenpwned.com) is the gold standard for consumer breach-search. Created and maintained by security researcher Troy Hunt, it indexes hundreds of disclosed breaches and lets users check whether their email address or password appears in any of them. The service is free for personal use, has a paid API for commercial use, and pioneered the k-anonymity password-search protocol now used industry-wide. As of 2026, HIBP indexes 13B+ records across 600+ disclosed breaches.

HIBP's contribution to security is enormous: democratized breach-status checking, set privacy standards (k-anonymity for passwords), informed dozens of national-level password-policy decisions. Its limitation is scope: it does breach status only. Doesn't tell you about social profiles tied to the email, doesn't tell you about WHOIS-attached domains, doesn't enrich with reputation. Skopio uses HIBP-class breach data as one of multiple inputs, combining with social, WHOIS, Gravatar and reputation feeds. For pure breach-status checks, HIBP is fine and free. For richer OSINT context, Skopio is more time-efficient.

Real-world examples

  • 1

    Checking your own email's breach exposure (free at haveibeenpwned.com)

  • 2

    Browser password managers integrate HIBP's password API to warn on compromised passwords

  • 3

    Companies use HIBP's enterprise API to monitor employee email exposure

  • 4

    Skopio's email category includes HIBP-class breach data plus 4 more source layers

  • 5

    1Password, Mozilla and Apple all integrate HIBP-style breach detection in their products

Related Skopio categories

Lookup categories where this term applies.

emailbreachpassword

Related glossary terms

Breach Corpus
A breach corpus is a publicly disclosed dataset of credentials, identifiers, or records exposed in a documented security incident.
K-Anonymity
K-anonymity is a data-privacy protocol where queries are batched with k-1 other indistinguishable records, ensuring the specific query value cannot be identified by the server.
OSINT
OSINT is the discipline of collecting and analyzing publicly available information to produce actionable intelligence.

Frequently asked questions

Should I use HIBP or Skopio?+

Use HIBP for free unlimited breach-status checking on your own email. Use Skopio when you need richer context — investigating someone, checking surrounding profiles, doing fraud-prevention screening with multiple data layers.

Is HIBP free forever?+

Personal email checks: yes, free always. Password search: yes, free. Domain monitoring (verified owner): yes, free. Commercial API: paid tiers. The free tier is genuinely free with no upsell pressure.

Does HIBP have my data?+

If your email was in a disclosed breach, yes — that's the entire point of the service. HIBP itself doesn't add any new data; it indexes what's already public. Removal request: HIBP doesn't redistribute records, just status. The underlying breach data is in the public domain regardless.

Who is Troy Hunt?+

Australian security researcher, MVP, Pluralsight author. Created HIBP as a free public service in 2013 after the Adobe breach. Largely funded out-of-pocket initially, now sustainable via commercial API revenue.

Is HIBP open-source?+

Some components yes (the k-anonymity protocol, the password set, the Pwned Passwords list). The platform itself is closed-source but operated transparently.

Experimente o Skopio em fluxos de Have I Been Pwned (HIBP)

Primeira busca por dia grátis. Sem cartão. Sem compromisso.

Cadastrar grátis →ou abrir o app