Have I Been Pwned MCP Server

Name: Have I Been Pwned
Availability: InStock
Author: Vinkius

haveibeenpwned.com/API/v3

Built by Vinkius GDPR ToolsFree

Check if your accounts or passwords have been compromised in data breaches using the HIBP service.

Ask AI about this MCP Server

Open in ChatGPT Open in Claude Open in Perplexity

Vinkius AI Gateway supports streamable HTTP and SSE.

✓ HostedCloud-managed

60%Token savings

High SecurityEnterprise-grade

IAMAccess control

EU AI ActCompliant

V8 IsolateSandboxed

Ed25519Audit chain

FinOpsBudget guard

<40msKill switch

DLPData protection

Stream every event to Splunk, Datadog, or your own webhook in real-time

Works with every AI agent you already use

…and any MCP-compatible client

What is the Have I Been Pwned MCP Server?

The Have I Been Pwned MCP Server gives AI agents like Claude, ChatGPT, and Cursor direct access to Have I Been Pwned. Check if your accounts or passwords have been compromised in data breaches using the HIBP service. Powered by the Vinkius AI Gateway — no API keys, no infrastructure, connect in under 2 minutes.

Have I Been Pwned MCP Server: see your AI Agent in action

AI Agent→Vinkius→Have I Been Pwned

You

Vinkius AI Gateway

GDPR·High Security·Kill Switch·Ultra-Low Latency·Plug and Play

Built-in capabilities (5)

check_password_safety

Uses k-anonymity; your full password is never sent to the server. Check if a password has ever appeared in a data breach (safe, k-anonymity search)

get_breach_details

Get details for a specific data breach by name

list_all_breaches

List all data breaches currently recorded in the system

search_account_breaches

Search for all data breaches an email or account has been involved in

search_account_pastes

Search for all public pastes (like Pastebin) containing the email or account

What this connector unlocks

Connect your AI agent to Have I Been Pwned, the internet's most trusted resource for tracking data breaches. Protect yourself by staying informed about where your sensitive information may have been leaked.

What you can do

Account Search — Instantly check if an email or username has been involved in any of the thousands of tracked data breaches
Paste Search — Discover if your information is circulating on public paste sites (like Pastebin)
Password Safety — Safely verify if a password has ever appeared in a breach using the secure K-Anonymity model (your full password is never sent to the server)
Breach Catalog — Explore the full history of major internet data breaches, including what types of data were stolen (passwords, emails, phone numbers, etc.)

How it works

1. Subscribe to this server
2. Enter your HIBP API Key (available at [haveibeenpwned.com/API/Key](https://haveibeenpwned.com/API/Key))
3. Start auditing your digital safety through chat

Who is this for?

Security-Conscious Users — monitor personal or family accounts for leaks
IT Professionals — check for corporate domain or account compromises
Researchers — analyze trends and impact of major data breaches

Frequently asked questions

Yes. This agent uses the K-Anonymity model. Only the first 5 characters of your password's SHA-1 hash are sent to the HIBP server. The full password or full hash never leaves your local environment, making it cryptographically safe.

You can purchase an API key directly from the [HIBP website](https://haveibeenpwned.com/API/Key). It requires a small monthly subscription to prevent mass scraping and abuse.

Give your AI agents the power of Have I Been Pwned

Access Have I Been Pwned and 2,500+ MCP servers — ready for your agents to use, right now. No glue code. No custom integrations. Just plug Vinkius AI Gateway and let your agents work.