Data breach report should search against all email addresses used in vault

The current data breach report is the only report where we manually have to type in the input (username). All the other reports are automatically created based on your vault entries. Is it possible to also create the data breach report automatically based on all usernames used in a vault?

E.g. it’s secure to use [email protected] instead of only one emailadress for all sites.
If the data breach report can automatically be generated based on the email addresses used in your vault, it’s much easier to check whether your accounts are breached. Currently we’ve to put in all different usernames one by one and by hand.

Please check this thread:

Hi,
which page is used as a source for the Data Breach Report? I assume haveibeenpawned?
If yes, there might be some issue.
Thanks

According to this response, it appears to be using the HaveIBeenPwned (HIBP) API.

It would probably be worth editing the blog post to explicitly state this.

Hm, there might be then problem with the API, because if I use the Data Breach Report for one of my emails it says all good. Also If I use the Firefox Monitor it says the same. But if I go directly to HaveIBeenPawned then it says the email is present on 2 breached sites.

I’ve read somewhere earlier that HIBP API has been presenting issues, as Kyle mentioned a few days ago. I’ll check the source and post here.

Here it is:

Please check this thread:

I know that feature already but my feature requests is something else :slight_smile:

We still need to give up an email address on the data breach report (OK it’s filled in automatically) but I use a lot of email addresses in my vault, so i don’t want to give an email address at all. I want Bitwarden to check all my used email addresses at once after clicking the button.

+1, I’m in the same situation with a bunch of email addresses and it would be nice to get an auto-generated report of any compromises, preferably without even clicking a button (like how Dashlane does it).

I really appreciate having the option to check e-mail accounts and usernames via HIBP in the bitwarden vault, but I’d like to see a little more integration with the bitwarden app itself. I use a lot of different e-mail accounts (on my own domain) and a lot of different usernames, and entering them all separately is quite the pain. Bitwarden already has all of these stored though, so a function to have these requests be made automatically would be nice. Optionally accounts could be select-able from your vault in a list. This way I’ll know what e-mail accounts might receive spam and can block them.

Please allow to manually add email addresses to the Data Breach Report (and store these email addresses in the Data Breach Report, so they are considered in the report).
This way I can add my google email address (that I normally don’t use), the email address of my wife and my daughter (they have no password entries yet).
Currently I have to enter them manually at each check.

Feature name

  • data breach report should search against all email addresses used in vault

Feature function

  • What will this feature do differently? Right now the data breach report lets you search by one email address. Ideally it should automatically pull all of the email addresses from your vault and search against them. I use different email addresses for each site for login – being able to quickly see if any are breached would be great.
  • What benefits will this feature bring? Convenience
  • Remember to add a tag for each client application that will be affected

Related topics + references

  • Are there any related topics that may help explain the need and function of this feature? No
  • Are there any references to this feature or function on other platforms that may be helpful? No
2 Likes

I’ve seen other services do it exactly tat way. This would be nice to have!

I’d add that it should offer a list of all emails found in the vault and allow deselecting those that the user does not want to be part of the report.

6 Likes

Agreed. I’m using https://simplelogin.io/ to generate unique email addresses for every single site I use. This minimizes the # of compromises so a data breach report for a unique email address may not be huge but it would be nice to know when an address is compromised.

8 Likes

Nice email solution. Thank you for sharing!
Definitely wouldn’t work to check all emails if you use that :wink:

3 Likes

@imthenachoman Additional to simple convenience, this feature would also allow the date of a breach to be compared against the most recent password change. Reported breaches could then be removed from the list if the login credentials had changed after it occured.

1 Like

Moreover, Bitwarden should automatically warn whenever a password I have/an email I have is found in a new leak.

7 Likes

I’m not as worried about checking against the breach date, I’d just like this feature at all. It’s a bit disappointing that all the other checks check against all items in the vault, but this one doesn’t. I’m guessing this is possible because, for instance with the “Exposed Passwords” check, all the datasets and comparisons can be done against a dataset hosted by Bitwarden or directly on the client rather than having to reach out to an external API, but does HIBP not support making a lot of requests/testing in bulk?

2 Likes

A bit late to this, but I signed up purely to support this.

Voted. Apple Keychain already does this, as well as other major password managers (e.g. LastPass).

Like other users, I typically use a different email address for each website. This is an increasingly common scenario (see for example Apple’s Hide My Email).

Ideally, this check should be done periodically, without user input. An email alert would be also very useful.

1 Like