Have I Been Pwned MCP

---
name: hibp
category: osint-seed-pivot
cost: freemium
api_key_required: yes
repo: https://github.com/darrenjrobinson/HIBP-MCP-Server
alternate_repo: https://github.com/Cyreslab-AI/hibp-mcp-server
paired_skills: ["seed-discovery-from-email", "breach-data-correlation", "hibp-and-account-breach-mapping"]
capabilities: ["breach-lookup", "credential-exposure", "email-enumeration"]
---

# Have I Been Pwned MCP — breach exposure lookup by email/domain

Queries the HIBP API to return breach data for a given email address or domain. Lets Claude reason over breach overlap, infer source breaches, estimate when an email was first compromised, and prioritize credential-stuffing risk.

## Install

```
npm i -g hibp-mcp-server
```

## Configuration

```json
{
  "mcpServers": {
    "hibp": {
      "command": "hibp-mcp-server",
      "env": {
        "HIBP_API_KEY": "YOUR_HIBP_KEY_HERE"
      }
    }
  }
}
```

## What it adds

Without this MCP, HIBP lookup is a manual browser step. With it, Claude queries HIBP mid-investigation and reasons over which breaches overlap with other findings — connecting a leaked email to a credential-stuffing campaign, or dating the first compromise against a timeline of events.

## Pairs with skills

- 002 `seed-discovery-from-email`
- 023 `breach-data-correlation`
- 408 `hibp-and-account-breach-mapping`

## Cost

HIBP API key required. Cheapest tier is ~$3.50/month — sufficient for a working investigator's caseload. Get your key at haveibeenpwned.com/API/Key.