MCP Server
Connect AI agents to Have I Been Pwned
What you can do with it
The Have I Been Pwned MCP server lets MCP-capable AI agents safely query HIBP breach intelligence. Use it to check whether email addresses appear in known breaches, investigate exposure across verified domains, research breach details, review exposed data classes, check paste and stealer log exposure, and query Pwned Passwords using k-anonymity.
Public breach metadata and data classes are available without signing in. Account, domain, subscription, verification, paste and stealer log tools require HIBP authorisation, and subscriber-only features follow the normal HIBP plan and domain verification rules.
The MCP endpoint is https://haveibeenpwned.com/mcp. Supporting discovery documents are also published so compatible clients can find the server, its OAuth requirements and its agent guidance automatically.
Setting it up
- Open an MCP-capable client or agent platform.
- Add the HIBP MCP server URL:
https://haveibeenpwned.com/mcp
- Allow the client to follow the advertised discovery documents and OAuth metadata.
- When prompted, sign in to HIBP and approve access for the client.
- Use public tools immediately, or subscriber-only tools when your HIBP account has the required subscription.
Clients that need to perform discovery manually can start with the MCP server card, the OAuth protected resource metadata, the OAuth authorisation server metadata and the agent authentication guide.
Authorisation
The server uses OAuth for agent access. Public breach and data class tools can be discovered without signing in, but tools that search accounts, domains, subscriptions, domain verification workflows and stealer logs require a bearer token for the hibp.mcp scope.
Access to subscriber-only HIBP data still follows the normal HIBP product rules. If a tool requires a paid plan, the signed-in HIBP account must have a subscription that includes that capability. See the pricing page and API documentation for more detail about plan-specific features.
Use cases and examples
Here are some practical ways to use the HIBP MCP server from an MCP-capable client. These examples are a good starting point for connectors, app stores and agent prompts. Successfully running these prompts may require an appropriately sized subscription and, when querying domains, prior verification that you control the domain.
Check email address exposure
- Has test@example.com appeared in any known data breaches?
- Show me all breaches associated with jane.doe@example.com.
- What types of data were exposed in breaches involving this email address?
Investigate domain exposure
- Show me all breached accounts on example.com.
- Which breaches have affected users from my verified domain?
- Summarise the most significant breaches impacting accounts on this domain.
Research breaches
- Tell me about the LinkedIn breach.
- What data was exposed in the Dropbox breach?
- Show me the most recently added breach and summarise the impact.
Investigate stealer log exposure
- Check whether credentials for test@example.com appear in stealer logs.
- How many stealer log records exist for accounts on example.com?
- Summarise the stealer log exposure associated with this domain.
Explore password and exposure intelligence
- Check whether this password hash appears in the Pwned Passwords dataset.
- How many times has the password "P@ssw0rd" appeared in data breaches?
- Show me how many times the passwords in the attached file have been breached.
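The Pwned Passwords prompts above rely on the k-anonymity range model that the hibp_get_pwned_passwords_range tool exposes: the client hashes the password with SHA-1, sends only the first five hex characters, and matches the remaining 35-character suffix locally against the returned "SUFFIX:COUNT" rows. The following Python is an added example of that client-side logic, not code from HIBP or the MCP server; the range response is constructed inline (the suffix of SHA-1("password") is real, the counts and the other rows are made up) and `sample_fetch` stands in for the tool call.

```python
import hashlib

# Constructed sample of a Pwned Passwords range response for the prefix 5BAA6,
# which is the prefix of SHA-1("password"). The real service returns one
# "SUFFIX:COUNT" line per hash in the range; these rows are made up for the
# example (including the count for the "password" suffix).
SAMPLE_RANGES = {
    "5BAA6": "\r\n".join([
        "003D68EB55068C33ACE09247EE4C639306B:3",
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471",  # suffix of SHA-1("password")
        "1FF6CEE7E8D9C3F7A1B2C4D5E6F7A8B9C0D:0",        # zero-count padding row
        "FE5CCB19BA61C4C0873D391E987982FBBD3:12",
    ]),
}

def split_hash(password: str) -> tuple:
    """Upper-case hex SHA-1 of the password, split into the 5-char prefix that is
    sent to the service and the 35-char suffix that never leaves the client."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}; blank or malformed lines are skipped."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def pwned_count(password: str, fetch_range) -> int:
    """How many times the password appears in the range, 0 if absent (a padding
    row with count 0 also means absent). fetch_range(prefix) stands in for the
    hibp_get_pwned_passwords_range tool call and must return the raw body."""
    prefix, suffix = split_hash(password)
    return parse_range(fetch_range(prefix)).get(suffix, 0)

def sample_fetch(prefix: str) -> str:
    """Offline stand-in for the tool call, backed by the constructed sample above."""
    return SAMPLE_RANGES.get(prefix, "")

if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        prefix, _ = split_hash(pw)
        print(f"{pw!r}: sent prefix {prefix}, seen {pwned_count(pw, sample_fetch)} times")
```

Only the five-character prefix ever reaches the service, so the check reveals neither the password nor its full hash; a count of 0 means "not in this range", not "safe".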
Debugging common issues
The client cannot find the server
Check that the configured URL is exactly https://haveibeenpwned.com/mcp.
If your client supports discovery, confirm it can read the server card and OAuth metadata linked above.
Authorisation does not complete
Start the connection flow again from the MCP client and complete the browser sign-in and consent steps in the same session. If a client caches failed registration or consent state, remove the HIBP connection in that client before retrying.
The MCP call returns 401
The access token is missing, expired or no longer valid for the HIBP MCP resource. Remove the saved credential from the client and reconnect so it obtains a fresh token.
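When a client loops on 401 responses, the quickest check is whether the discovery chain is consistent with the URL you configured. The following Python is an added example, not code from HIBP or the MCP server: it assumes the server follows RFC 9728 (the standard behind the "OAuth protected resource metadata" mentioned above), so the WWW-Authenticate challenge and the metadata JSON it parses are constructed for the example rather than captured from the live server.

```python
import json
import re
from typing import List, Optional

MCP_URL = "https://haveibeenpwned.com/mcp"   # the endpoint documented on this page
REQUIRED_SCOPE = "hibp.mcp"                  # the scope documented on this page

# Constructed sample of a 401 challenge and of the protected resource metadata
# a client would fetch next (RFC 9728 shapes). The well-known path, the
# authorization server URL and the remaining values are assumptions.
SAMPLE_WWW_AUTHENTICATE = (
    'Bearer resource_metadata="https://haveibeenpwned.com/.well-known/oauth-protected-resource"'
)
SAMPLE_RESOURCE_METADATA = json.dumps({
    "resource": "https://haveibeenpwned.com/mcp",
    "authorization_servers": ["https://haveibeenpwned.com"],
    "scopes_supported": ["hibp.mcp"],
    "bearer_methods_supported": ["header"],
})

def resource_metadata_url(www_authenticate: str) -> Optional[str]:
    """Extract the resource_metadata URL from a 401's WWW-Authenticate header
    (RFC 9728 section 5.1); None if the challenge does not advertise one."""
    m = re.search(r'resource_metadata="([^"]+)"', www_authenticate)
    return m.group(1) if m else None

def check_resource_metadata(body: str, configured_url: str = MCP_URL) -> List[str]:
    """Return the reasons this metadata would not let the client reach the
    hibp.mcp-scoped tools; an empty list means discovery looks consistent."""
    doc = json.loads(body)
    problems = []
    # A token is issued for the 'resource' value; if it differs from the URL the
    # client calls (even by a trailing slash), every call will come back 401.
    if doc.get("resource") != configured_url:
        problems.append(f"resource {doc.get('resource')!r} != configured {configured_url!r}")
    if REQUIRED_SCOPE not in doc.get("scopes_supported", []):
        problems.append(f"scope {REQUIRED_SCOPE} not advertised")
    if not doc.get("authorization_servers"):
        problems.append("no authorization_servers listed; client cannot start OAuth")
    return problems

if __name__ == "__main__":
    print("metadata URL:", resource_metadata_url(SAMPLE_WWW_AUTHENTICATE))
    print("problems:", check_resource_metadata(SAMPLE_RESOURCE_METADATA))
    print("with trailing slash:", check_resource_metadata(SAMPLE_RESOURCE_METADATA, MCP_URL + "/"))
```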
A protected tool is unavailable or forbidden
Confirm the signed-in HIBP account has an active subscription and that the subscription includes the feature being called. Domain tools also require the domain to be verified in HIBP before domain data can be searched.
Requests are rate limited
Slow the client down and retry after the reported reset time. MCP tools still respect the same service limits that protect the HIBP API and subscriber features.
Tool justifications
Some MCP clients and app stores ask for additional justification about how individual tools behave. The following notes describe why specific HIBP MCP tools are flagged as read only, open world or destructive.
hibp_list_breaches
| Flag | Value | Justification |
|---|---|---|
| Read only | true | This tool only retrieves publicly available breach metadata from Have I Been Pwned. It does not create, modify or delete any data and performs no actions on behalf of the user. |
| Open world | true | This tool returns information from the Have I Been Pwned breach corpus, which is maintained independently of the current conversation and updated as new breaches are added. Results depend on external data sources and may change over time. |
| Destructive | false | This tool has no side effects. It only reads breach information and cannot modify user accounts, system settings or any data within Have I Been Pwned. |
hibp_get_breach
| Flag | Value | Justification |
|---|---|---|
| Read only | true | This tool retrieves details for a single named breach from Have I Been Pwned. It only returns existing breach metadata and does not alter any records or user data. |
| Open world | true | Breach details are sourced from the live Have I Been Pwned breach corpus, which is maintained outside the model and may change as breach information is added or updated. |
| Destructive | false | This tool performs a lookup only. It cannot create, update, delete or otherwise modify any data in Have I Been Pwned or any user system. |
hibp_get_latest_breach
| Flag | Value | Justification |
|---|---|---|
| Read only | true | This tool retrieves the most recently added breach from Have I Been Pwned. It only reads published breach metadata and does not perform any write operations. |
| Open world | true | The latest breach result depends on the current state of the Have I Been Pwned breach corpus and may change whenever a new breach is added. |
| Destructive | false | This tool has no side effects. It only returns information about the latest breach and cannot modify accounts, settings or stored data. |
hibp_list_data_classes
| Flag | Value | Justification |
|---|---|---|
| Read only | true | This tool retrieves the list of data classes used by Have I Been Pwned to describe exposed information in breaches. It does not create, change or remove any data. |
| Open world | true | The available data classes come from Have I Been Pwned's external breach data taxonomy and may change over time as new types of exposed data are classified. |
| Destructive | false | This tool is informational only. It cannot modify the data class taxonomy, breach records, user accounts or any other system data. |
hibp_get_pwned_passwords_range
| Flag | Value | Justification |
|---|---|---|
| Read only | true | This tool retrieves anonymised Pwned Passwords range data using the k-anonymity model. It only returns existing password hash suffixes and occurrence counts and does not store or modify user information. |
| Open world | true | Results are sourced from the live Pwned Passwords dataset maintained by Have I Been Pwned, which exists independently of the conversation and may evolve as the corpus is updated. |
| Destructive | false | This tool is a passive lookup service. It cannot change passwords, modify accounts or perform any action beyond returning matching hash range data. |
hibp_get_breached_account
| Flag | Value | Justification |
|---|---|---|
| Read only | true | This tool retrieves breach information associated with a specified email address from Have I Been Pwned. It only reads existing breach records and does not create, modify or remove any data. |
| Open world | true | Account breach results depend on the current state of the Have I Been Pwned breach corpus and may change as new breaches are added or existing records are updated. |
| Destructive | false | This tool only reports breach exposure information. It cannot alter breach records, user accounts, subscriptions or any external systems. |
hibp_get_breached_account_range
| Flag | Value | Justification |
|---|---|---|
| Read only | true | This tool retrieves breach information for a range of accounts matching a supplied prefix. It provides read-only access to existing breach records and performs no write operations. |
| Open world | true | Results are generated from the live Have I Been Pwned account breach dataset, which is maintained externally and may change as new breach data becomes available. |
| Destructive | false | This tool performs bulk breach discovery only. It cannot modify account data, change breach records or trigger any actions affecting users or systems. |
hibp_get_paste_account
| Flag | Value | Justification |
|---|---|---|
| Read only | true | This tool retrieves paste records associated with a specified email address from Have I Been Pwned. It only returns existing paste metadata and does not create, modify or delete any information. |
| Open world | true | Paste results are sourced from external paste services and the Have I Been Pwned paste corpus, which is maintained independently of the model and may change as new pastes are discovered. |
| Destructive | false | This tool performs informational lookups only. It cannot alter paste content, user accounts or any data held by Have I Been Pwned. |
hibp_get_breached_domain
| Flag | Value | Justification |
|---|---|---|
| Read only | true | This tool retrieves breach information for accounts belonging to a verified domain. It provides read-only access to existing breach data and does not perform any write operations. |
| Open world | true | Domain search results are generated from the live Have I Been Pwned breach corpus and may change as new breaches are added or existing records are updated. |
| Destructive | false | This tool only returns breach exposure information for authorised domain searches. It cannot modify domain subscriptions, breach records or user data. |
hibp_list_subscribed_domains
| Flag | Value | Justification |
|---|---|---|
| Read only | true | This tool retrieves the domains currently associated with the authenticated user's Have I Been Pwned account. It only reads subscription information and does not change account settings. |
| Open world | true | Results reflect the current state of the authenticated user's domain subscriptions within Have I Been Pwned and may change as domains are added or removed outside the conversation. |
| Destructive | false | This tool is used solely to view subscription information. It cannot add domains, remove domains or modify account configuration in any way. |
hibp_get_subscription_status
| Flag | Value | Justification |
|---|---|---|
| Read only | true | This tool retrieves the current subscription status associated with the authenticated Have I Been Pwned account. It only reads account metadata and does not modify subscriptions or billing information. |
| Open world | true | Results reflect the current state of the user's account within Have I Been Pwned and may change as subscriptions are renewed, upgraded, cancelled or otherwise updated outside the conversation. |
| Destructive | false | This tool is informational only. It cannot change subscription status, modify billing details or perform any account management actions. |
hibp_get_stealer_logs_by_email
| Flag | Value | Justification |
|---|---|---|
| Read only | true | This tool retrieves stealer log exposure information associated with a specified email address. It provides read-only access to existing records and does not create, modify or remove any data. |
| Open world | true | Results are sourced from the Have I Been Pwned stealer log corpus, which is maintained independently of the model and may change as new data is ingested and analysed. |
| Destructive | false | This tool only returns information about potential exposure in stealer logs. It cannot modify accounts, alter source data or take any action on behalf of the user. |
hibp_get_stealer_logs_by_website_domain
| Flag | Value | Justification |
|---|---|---|
| Read only | true | This tool retrieves stealer log exposure information related to a specified website domain. It only reads existing records and performs no write operations. |
| Open world | true | Results are derived from the live Have I Been Pwned stealer log dataset and may change over time as additional stealer log data is processed and incorporated. |
| Destructive | false | This tool is used exclusively for investigation and reporting purposes. It cannot modify website data, breach records, stealer log records or any external systems. |
hibp_get_stealer_logs_by_email_domain
| Flag | Value | Justification |
|---|---|---|
| Read only | true | This tool retrieves stealer log exposure information for accounts belonging to a specified email domain. It provides read-only access to existing records and does not alter any data. |
| Open world | true | Results are derived from the live Have I Been Pwned stealer log corpus, which is maintained outside the conversation and may change as additional data sources are processed. |
| Destructive | false | This tool is intended for visibility into stealer log exposure only. It cannot modify accounts, update records or perform actions against any external service. |
hibp_generate_domain_verification_dns_token
| Flag | Value | Justification |
|---|---|---|
| Read only | false | This tool generates a new domain verification token for the authenticated user. Because it creates a verification challenge, it performs an account-related operation and is not a read-only action. |
| Open world | true | The generated token is created within the Have I Been Pwned domain verification system and reflects the current state of the authenticated user's account and domain verification workflow. |
| Destructive | false | This tool creates a verification token but does not modify domain ownership, delete data or make irreversible changes. The generated token can only be used as part of a subsequent verification process. |
hibp_verify_domain_verification_dns_token
| Flag | Value | Justification |
|---|---|---|
| Read only | false | This tool validates a previously generated domain verification token against live DNS records and may update the verification status of a domain. Because it can change account state, it is not a read-only operation. |
| Open world | true | Verification results depend on external DNS infrastructure and the current state of the Have I Been Pwned domain verification system, both of which exist independently of the conversation. |
| Destructive | false | This tool can change a domain's verification status within the authenticated user's account but does not delete data, revoke access or perform irreversible actions. Verification can be managed through normal account administration processes. |
hibp_send_domain_verification_email
| Flag | Value | Justification |
|---|---|---|
| Read only | false | This tool sends a domain verification email to an authorised recipient as part of the domain ownership verification process. Because it initiates an outbound communication, it is not a read-only operation. |
| Open world | true | The tool interacts with external email infrastructure and the Have I Been Pwned domain verification system. Delivery and verification workflows depend on systems outside the current conversation. |
| Destructive | false | This tool sends a verification email but does not delete data, modify breach records or make irreversible changes to an account. Any resulting domain verification still requires action by the recipient. |