{"id":"haveibeenpwned-api","name":"Have I Been Pwned API","homepage":"https://haveibeenpwned.com/API/v3","repo_url":null,"category":"security","subcategories":["breach-detection","data-breach","credential-monitoring"],"tags":["hibp","breach","passwords","security","credential-stuffing","data-leak","rest-api"],"what_it_does":"API for checking whether email addresses, usernames, or passwords have appeared in known data breaches, built and maintained by Troy Hunt. Covers billions of breached credentials.","use_cases":["Checking if user email addresses were exposed in known data breaches","Password hygiene enforcement by checking against breached passwords (k-anonymity model)","Alerting users when their credentials appear in new breaches","Security awareness tooling and compliance reporting","Enriching identity risk assessments in security pipelines"],"not_for":["Real-time fraud prevention (not a fraud scoring API)","IP reputation or network-level threat intelligence","Comprehensive identity verification","Automated bulk account scanning without subscription"],"best_when":"An agent needs to check whether credentials or email addresses have been compromised in public data breaches, especially during account creation or login risk evaluation.","avoid_when":"You need broader threat intelligence beyond breach data, or you need real-time fraud scoring.","alternatives":[{"id":"abuseipdb-api","reason":"For IP reputation rather than credential/email breach checking"},{"id":"virustotal-api","reason":"Broader threat intelligence including file, URL, and domain analysis beyond breach data"}],"af_score":78.4,"security_score":null,"reliability_score":null,"package_type":"mcp_server","discovery_source":["github"],"priority":"low","status":"evaluated","version_evaluated":"current","last_evaluated":"2026-03-01T09:50:05.672699+00:00","performance":{"latency_p50_ms":100,"latency_p99_ms":400,"uptime_sla_percent":99.9,"rate_limits":"1 request per 1500ms for free, faster for paid tiers","data_source":"llm_estimated","measured_on":null}}