How to use Have I been Pwned

How Have I been Pwned works

CultureAI integrates with the popular tool Have I Been Pwned.  This integration allows CultureAI to run automated checks against your email domain for logged breaches 20 minutes ahead non-enterprise subscribers of HIBP.  This integration powers our ability to check for both corporate email addresses and personal addresses being involved with published software breaches.

Personal addresses are enabled through the CyberScore application. CultureAI do not share any PII with HIBP, your email domains are sent to HIBP, and HIBP sends back a full list of email addresses with the same domain, and then CultureAI checks the list HIBP gives to the user list in CultureAI and logs events against individuals found on that list. 


The Have I Been Pwned integration is automatically enabled on your account and will start pulling data as soon as your account is set up tied to the domain/s you wish to monitor for your business.


Domain Scanning

If you'd like to track your domain on HIBP you can configure this as follows:

  1. Click on the cog button at the top of your dashboard
  2. Press the "Domain Scanning" section
  3. Click the "Add Domain" button
  4. A new window will pop up where you can configure your domain
  5. Enter you domain into the first box
  6. You will then need to verify your ownership of the domain you want to scan. You can enter either a CNAME value from your DNS record, or a TXT version of your domain
  7. Click 'Verify & Save'
  8. You're done!