Use Data Breach!

It’s been a while since I wrote an article on Medium, so let’s talk about a sensitive subject. A few days ago there was another data breach, and almost 773 million records are now available on the net.

There is a chance your credentials are in this Collection #1. As you know, most people will not have a tech background or be familiar with the concept of credential stuffing, and this may cause a lot of damage.

If you would like to read more about this news, check out this article. I’m not going to talk about the news; I want to find a solution for this issue, and it would be great to open a discussion between us so we can share ideas.

My idea is simple, but I don’t know if it’s legal.

So, let’s assume we have a data breach and we can access these pieces of information.

So what?

1 - I will store the data in a safe place.

2 - I will implement an API for websites (how does it work?).

They can use it on the registration page. When the user tries to sign up, we will send the credentials to our app first to verify whether this combination of email & password already exists. If yes, the user should choose another password; otherwise the registration process is done as usual.

What have I done so far?

  • I created a table where we can store the data: email & password, for example:
  • After that, I integrated the Laravel API key package in order to authorize requests to my app with API keys.
  • Then I implemented this simple function to check if the email and password exist!
  • My route /api.php is attached to my auth.apikey middleware.
  • In case the email & password exist:
  • Ready to go:
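One way to implement the check described above, as an added example in Python (it is not the author's Laravel code). Unlike the table described in the post, it stores only a keyed digest of each email/password pair instead of the plaintext values; the table name, function names, pepper, API key and sample records are all assumptions constructed for the example.

```python
import hashlib
import hmac
import sqlite3

# Constructed sample values; a real deployment would load these from a secret store.
PEPPER = b"constructed-demo-pepper"
API_KEYS = {hashlib.sha256(b"demo-site-key").hexdigest()}  # only key hashes are kept


def pair_digest(email: str, password: str) -> str:
    """Keyed digest of one email/password pair; the email is case-folded first."""
    email_bytes = email.strip().lower().encode()
    # Length prefix keeps ("ab", "c") and ("a", "bc") from colliding.
    msg = len(email_bytes).to_bytes(4, "big") + email_bytes + password.encode()
    return hmac.new(PEPPER, msg, hashlib.sha256).hexdigest()


def build_store(leaked_pairs):
    """Load breach records into a table that holds digests only, never plaintext."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE breached (digest TEXT PRIMARY KEY)")
    db.executemany(
        "INSERT OR IGNORE INTO breached VALUES (?)",
        [(pair_digest(e, p),) for e, p in leaked_pairs],
    )
    return db


def authorized(api_key: str) -> bool:
    """Constant-time comparison of the presented key's hash against known hashes."""
    presented = hashlib.sha256(api_key.encode()).hexdigest()
    return any(hmac.compare_digest(presented, known) for known in API_KEYS)


def check_credentials(db, api_key: str, email: str, password: str):
    """Return (HTTP status, body) the way the check endpoint would."""
    if not authorized(api_key):
        return 401, {"error": "invalid API key"}
    row = db.execute(
        "SELECT 1 FROM breached WHERE digest = ?", (pair_digest(email, password),)
    ).fetchone()
    return 200, {"breached": row is not None}


# Constructed sample records standing in for a breach dump.
DB = build_store([("alice@example.com", "hunter2"), ("bob@example.com", "letmein")])
```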

https://haveibeenpwned.com/ provides an API! You need to check it out.

Cheers!