Unofficial HIBP API

A demonstration tool for scraping and querying data on website breaches.

Disclaimer: This is an independent, unofficial tool created for educational purposes. It is not affiliated with, endorsed by, or in any way officially connected with Have I Been Pwned (HIBP). For any production, commercial, or reliable use, please subscribe to the official HIBP API.

Support the Official Service

This unofficial scraper is a hobby project and is not suitable for production environments. It is slower, less reliable, and may break without notice.

The official Have I Been Pwned API is the only supported and reliable way to access this data for any application. Subscribing to the service directly supports the massive effort required to acquire, process, and securely store breach data for the public good.

Subscribe to the Official HIBP API

Demonstration API Base URL

All requests for this unofficial tool should be made to the following base URL:

https://ghostytongue.us/ihbp/api/

Try It Out

Request URL:

...

Response:

Click "Send Request" to see the output.

Parameters

Parameter Description Default
s Search term to filter breaches by name (case-insensitive). (none)
p Page number for pagination. 1
l Number of results per page. Max: 30. 10

Example Usage

Get the first 5 breaches

https://ghostytongue.us/ihbp/api/?l=5

Search for "adobe" and get the second page with 15 results per page

https://ghostytongue.us/ihbp/api/?s=adobe&p=2&l=15

Responses

Successful Response (200 OK)

A successful request returns a JSON object containing a summary and an array of breach objects.

results_count: The number of breach records returned in the current request.

total_pwn_count: The sum of all pwned accounts from the breaches in the current result set.

total_pwn_count_formatted: A human-readable version of the total pwned accounts (e.g., "1.2M").

{
    "results_count": 1,
    "total_pwn_count": 182962095,
    "total_pwn_count_formatted": "183M",
    "breaches": [
        {
            "name": "Synthient Stealer Log Threat Data",
            "pwn_count": 182962095,
            "pwn_count_formatted": "183M",
            "date_added": "21-Oct-2025",
            "breach_date": "Apr-2025",
            "details_url": "https://haveibeenpwned.com/Breach/SynthientStealerLogThreatData",
            "description": "During 2025, Synthient aggregated billions of records of \"threat data\" from various internet sources. The data contained 183M unique email addresses alongside the websites they were entered into and the passwords used. After normalising and deduplicating the data, 183 million unique email addresses remained, each linked to the website where the credentials were captured, and the password used. This dataset is now searchable in HIBP by email address, password, domain, and the site on which the credentials were entered.",
            "compromised_data": [
                "Email addresses",
                "Passwords"
            ]
        }
    ]
}

Error: Not Found (404 Not Found)

Returned when no results match the query.

{
    "error": "No results found for the specified search, page, or limit combination."
}

Error: Limit Exceeded (400 Bad Request)

Returned when the 'l' parameter is greater than 30.

{
    "error": "The requested limit (l) of 31 exceeds the maximum allowed limit of 30."
}