HaveIBeenPwned Sensor


The haveibeenpwned sensor platform creates sensors that check for breached email accounts on haveibeenpwned.

Configuration

The HaveIBeenPwned API is no longer a free API. For more information about this change read the HIBP creator’s blogpost regarding the change.

In order to use this integration you need to purchase an API key. Visit the API key page on the HIBP website to purchase one.

Configuration

To enable this sensor, add the following lines to your configuration.yaml, it will list every specified email address as a sensor showing the number of breaches on that email account.

# Example configuration.yaml entry using cloud based emoncms
sensor:
  - platform: haveibeenpwned
    email:
      - [email protected]
      - [email protected]
    api_key: API_KEY

Configuration Variables

email

(list)(Required)

List of email addresses.

api_key

(string)(Required)

HaveIBeenPwned API Key

Breach meta data

If one of your email accounts is breached the sensor will display breach meta data. It will list the title of the site where your email account has been breached as well as the added date of the breach data. This data is displayed in descending order so that the state attribute breach 1 will always contain the last known breach for the specific email account, if there are any breaches detected.

The sensor will scan all email addresses specified with a 5 second delay between all breach data requests on Home Assistant startup. After this initial startup scanning, the sensor will only scan one email account per 15 minutes to prevent abuse, and not hammer "the Have I been Pwned" service, as this breach data almost never changes.