Have I Been Pwned API
API for checking whether email addresses, usernames, or passwords have appeared in known data breaches, built and maintained by Troy Hunt. Covers billions of breached credentials.
Best When
An agent needs to check whether credentials or email addresses have been compromised in public data breaches, especially during account creation or login risk evaluation.
Avoid When
You need broader threat intelligence beyond breach data, or you need real-time fraud scoring.
Use Cases
- • Checking if user email addresses were exposed in known data breaches
- • Password hygiene enforcement by checking against breached passwords (k-anonymity model)
- • Alerting users when their credentials appear in new breaches
- • Security awareness tooling and compliance reporting
- • Enriching identity risk assessments in security pipelines
Not For
- • Real-time fraud prevention (not a fraud scoring API)
- • IP reputation or network-level threat intelligence
- • Comprehensive identity verification
- • Automated bulk account scanning without subscription
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for Have I Been Pwned API.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-01.