What’s an «unverified» breach?
Some breaches can be flagged as «unverified». In such cases, whilst there is genuine information within alleged breach, may possibly not being poible to determine legitimacy beyond sensible question. Unverified breaches will always be included in the program because regardle of the authenticity, they however consist of information that is personal about people who would you like to discover their unique publicity on the internet. Further history on unverified breaches are located in the blog blog post called Introducing unverified breaches to possess we Been Pwned.
What is a «fabricated» breach?
Some breaches are flagged as «fabricated». In these cases, truly very not likely that violation consists of legitimate data sourced through the alleged web site but it might still end up being marketed or exchanged under the auspices of validity. Usually these occurrences are made up of information aggregated off their areas (or possibly entirely fabricated), yet still contain genuine email addrees unbeknownst into accounts owner. Fabricated breaches are still contained in the program because regardle of their authenticity, they however incorporate information that is personal about people that like to comprehend their coverage on the web. More background on unverified breaches can be found in your blog post named Introducing «fabricated» breaches having I Been Pwned.
Something a «spam number»?
Occasionally, large volumes of personal information can be found getting used for purposes of sending directed spam. This frequently includes many of the same features generally found in data breaches such as for example names, addrees, devices figures and schedules of delivery. The databases are usually aggregated from numerous supply, often by eliciting personal data from individuals with the hope of a monetary advantage . Whilst the information may not have started acquired from a breached system, the private characteristics regarding the details and the simple fact that its redistributed inside style unbeknownst to your people warrants inclusion here. Read more about spam records in HIBP .
So what does it imply if my personal paword is in Pwned Pawords?
If a paword can be found in the Pwned Pawords services, 
it means it has got previously starred in a data violation. HIBP cannot put any details about whom the paword belonged to, only this have earlier started subjected openly and exactly how often times it was observed. A Pwned Paword should not any longer be utilized as the exposure puts it at higher risk of being regularly login to profile utilising the now-exposed trick.
Is it possible to buy a yearly API trick instead month-to-month?
At this stage API tactics are just accessible to buying monthly. You will find instances when annual would make lifestyle more relaxing for people (as an example, within a business planet), be sure to vote your consumer vocals concept and you’ll be informed should this be implemented later on.
Can I buy an API by a means except that bank card?
The whole API trick environment are tied into Stripe for fees fulfillment. Presently there is absolutely no center to buy tips at all other than mastercard, as an example via PayPal or Bitcoin.
The [department] would like [something proper] before purchasing an API key, can you incorporate they?
The API secret was a $3.50 each month self-service acquisition that’ll instantly send a receipt following payment fulfilment. There are no quotations, no proper documentation, no signatures without negotiations. See the API webpage for full records.
Should I kindly bring an API key free of charge because [reasons]?
No. should you decide touch base and request a totally free key unconditionally, you may not become a reply.
We searched for my email addre on HIBP after which I found myself hacked, exactly what gives?!
First and foremost, looks aren’t signed generally thereis no assortment of addrees. Any looks which happen to be done are performed very over an encrypted connection so no person enjoys acce on the online traffic other than those holding the HIBP treatments. Regardless of if they did, it really is only an email addre and not adequate to earn acce to another person’s on line reports. If Pwned Pawords has also been familiar with seek out a paword, it really is anonymised before are delivered to HIBP so actually a search for email addre and paword does not supply a usable credential pair. Relationship cannot signify causation; it is a coincidence.