Have I Been Pwned (HIBP)

Indicates whether or not your listed email addresses appear in the Have I Been Pwned breach database.

Note: As of v0.19.0, WTF requires you use a Have I Been Pwned API key to conenct to the service. See details below.


  - test@example.com
  - pwned@gmail.com
  apiKey: "p0d13*********************************************c3"
    ok: "green"
    pwned: "red"
  enabled: true
    top: 4
    left: 1
    height: 1
    width: 2
  refreshInterval: 43200
  since: "2019-06-22"


hibp screenshot


Name Description Value
accounts A list of the accounts to check the HIBP database for.
apiKey Your Have I Been Pwned API token. Your API key or leave it empty to use the WTF_HIBP_TOKEN environment variable.
colors Optional The colors to display for accounts that have not been pwned and ones that have. Defaults to white for unpwned accounts, red for pwned accounts.
border Optional Whether or not to draw this widget with a border. Default: true. true, false
enabled Optional Whether or not this module is executed and if its data displayed onscreen. Default: false. true, false
position Defines where in the grid this module's widget will be displayed.
refreshInterval Optional How often, in seconds, this module will update its data. Default: 300. Any positive integer
since Optional Only check for breaches after this date. Set this if you’ve been breached in the past, have taken steps to mitigate that (changing passwords, cancelling accounts, etc.) and only want to know about future breaches. A date string in the format ‘yyyy-mm-dd’, ie: ‘2019-06-22’

Source Code