The haveibeenpwned sensor platform creates sensors that check for breached email accounts on haveibeenpwned.


In order to use this integration you need to purchase an API key. Visit the API key page on the HIBP website to purchase one.


To enable this sensor, add the following lines to your configuration.yaml, it will list every specified email address as a sensor showing the number of breaches on that email account.

# Example configuration.yaml entry using cloud based emoncms
  - platform: haveibeenpwned
      - [email protected]
      - [email protected]
    api_key: API_KEY

Configuration Variables

email list Required

List of email addresses.

api_key string Required

HaveIBeenPwned API Key

Breach meta data

If one of your email accounts is breached the sensor will display breach meta data. It will list the title of the site where your email account has been breached as well as the added date of the breach data. This data is displayed in descending order so that the state attribute breach 1 will always contain the last known breach for the specific email account, if there are any breaches detected.

The sensor will scan all email addresses specified with a 5 second delay between all breach data requests on Home Assistant startup. After this initial startup scanning, the sensor will only scan one email account per 15 minutes to prevent abuse, and not hammer "the Have I been Pwned" service, as this breach data almost never changes.