30
haveibeenpwned alternatives / data? (infosec.pub)
submitted 3 months ago* (last edited 3 months ago) by Deebster@infosec.pub to c/selfhosting@slrpnk.net
13 comments fedilink hide all child comments

My personal domain has hundreds of aliases - one for each site I deal with. This is great for identifying the source of spam, and I retire any aliases that get spam.

haveibeenpwned.com lets me add a domain, but wants 3912 USD a year to actually tell me which addresses leaked. This is obviously an insane price for a nice-to-have.

Is there an alternative for free or very cheap? A self-hosted tool that would pull down lists would be great, but I suppose those lists aren't public.

you are viewing a single comment's thread
view the rest of the comments
[-] kungen@feddit.nu 8 points 3 months ago

If I recall, the founder had some workaround for situations like you describe. I am in the same situation but I didn't have the effort to care enough to do all that hassle.

[-] Deebster@infosec.pub 2 points 3 months ago* (last edited 3 months ago)

It's entirely possible that my best fix is just to delete my haveibeenpwned account and react when I get spam, but where's the fun in that?

[-] Deebster@infosec.pub 2 points 3 months ago* (last edited 3 months ago)

The founder was asked to provide a subscription level for individual domains and he said no and pointed people at the suggestion to search manually or occasionally pay for a month instead.

HIBP subscriptions can be taken out monthly and cancelled at any time. If the appearance of your domain in a breach is infrequent, you can take out a one month subscription then immediately cancel it after performing the search (the subscription will remain active until the entire month period has elapsed).

this post was submitted on 07 Nov 2025
30 points (100.0% liked)

Self-hosting

4049 readers
1 users here now

Hosting your own services. Preferably at home and on low-power or shared hardware.

Also check out:

founded 3 years ago
MODERATORS
poVoq@slrpnk.net
sam_uk@slrpnk.net