The Problem
You're building an app and need to warn users if their email has been compromised in a data breach. The options are:
- HaveIBeenPwned API: Requires a paid API key ($3.50/month)
- Build your own: You'd need to aggregate breach databases yourself
- HackMyIP Breach API: Free, no key, JSON response
I built the third option. Here's how to use it.
Quick Start
curl "https://hackmyip.com/api/breach?email=test@example.com"
Response:
{
"success": true,
"data": {
"email": "tes***@example.com",
"breaches": 13,
"services": ["Adobe", "Canva", "LinkedIn", "Dropbox", ...],
"risk": {
"score": 71,
"level": "high"
},
"passwords": {
"plain_text": 3,
"weak_hash": 2,
"strong_hash": 5,
"total": 10
}
}
}
No API key. No signup. No rate limits for reasonable use.
JavaScript Example
async function checkBreach(email) {
const response = await fetch(
`https://hackmyip.com/api/breach?email=${encodeURIComponent(email)}`
);
const { data } = await response.json();
if (data.breaches > 0) {
console.log(`β οΈ Found in ${data.breaches} breaches!`);
console.log(`Risk level: ${data.risk.level}`);
console.log(`Affected services: ${data.services.join(', ')}`);
if (data.passwords?.plain_text > 0) {
console.log(`π¨ ${data.passwords.plain_text} passwords stored in plain text!`);
}
} else {
console.log('β
No breaches found');
}
}
checkBreach('user@example.com');
Python Example
import requests
def check_breach(email):
resp = requests.get(f"https://hackmyip.com/api/breach?email={email}")
data = resp.json()["data"]
print(f"Breaches: {data['breaches']}")
print(f"Risk: {data['risk']['level']} ({data['risk']['score']}/100)")
if data["passwords"]:
print(f"Plain text passwords: {data['passwords']['plain_text']}")
return data
check_breach("user@example.com")
All Available Endpoints
HackMyIP isn't just breach checking. It's a full privacy API:
| Endpoint | Description | Auth |
|---|---|---|
GET /api/breach?email=x |
Email breach check (500+ databases) | None |
GET /api/ip |
Your IP + geolocation + VPN detection + privacy score | None |
GET /api/lookup?ip=x |
Look up any IP address | None |
GET /api/score |
IP cleanliness grade (A-D) + VPN detection | None |
All endpoints return JSON with CORS enabled. Use from any domain.
Comparison with Alternatives
| Feature | HackMyIP | HaveIBeenPwned | LeakCheck |
|---|---|---|---|
| Price | Free | $3.50/month | Freemium |
| API Key Required | No | Yes | Yes |
| Breach Check | β | β | β |
| Risk Scoring | β | β | β |
| Password Analysis | β | β | β |
| IP Geolocation | β | β | β |
| VPN Detection | β | β | β |
| Privacy Score | β | β | β |
| CORS | β | β | β |
npm Package
npm install hackmyip
const { checkBreach, getMyIP, getPrivacyScore } = require('hackmyip');
const breach = await checkBreach('user@example.com');
const ip = await getMyIP();
const score = await getPrivacyScore();
Use Cases
- User registration: Check if a new user's email has been compromised and suggest a password change
- Security dashboards: Display breach status for monitored accounts
- Compliance tools: Verify employee email exposure
- Personal projects: Build your own "Have I Been Pwned" checker
- CLI tools: Quick breach checks from the terminal
Links
- π Website: hackmyip.com
- π API Docs: hackmyip.com/api
- π Email Breach Checker: hackmyip.com/breach
- π¦ npm: hackmyip
- π GitHub: github.com/Hackmyip/hackmyip-js
- π OpenAPI Spec: hackmyip.com/.well-known/openapi.json
Built as a solo project on Cloudflare Workers. Feedback welcome!
Top comments (0)