I have been pwned again!

Except I haven't in any meaningful way.

If you have not heard of haveibeenpwned.com then you might be looking in the wrong places. The site comes up regularly in the press when there has been a data breach and people need to check if their email address is in it.

I pay for access due to the number of email aliases I have amassed over the years. And I am happy to support them.

Trying to use my notes from the Previous incident was a bit of a disaster. I had tried not include specific file names and this meant the commands were incomplete, not to mention the Json format returned from HIBP has changed.

So, here are my more complete notes from getting the latest data from email alias on my domain.

# download my breaches using my APIKEY
curl --header "hibp-api-key: HIBPAPIKEY" "https://haveibeenpwned.com/api/v3/breacheddomain/jumpstation.co.uk" -o /tmp/hibp

# create a map file to work with
jq '. | to_entries | map_values({key:.value} + { email: .key }) | map({key:.key[], email:.email})' /tmp/hibp > /tmp/hibp_map.json

# get all the breaches
curl "https://haveibeenpwned.com/api/v3/breaches" -o /tmp/breaches-2025-10-13.json

# join and sort the data
jq '[JOIN(INDEX(input.[]; .Name); .[]; .key) | add] | sort_by(.AddedDate,.email)' /tmp/hibp_map.json /tmp/breaches-2025-10-13.json > /tmp/hibp_joined_sorted.json

# get just this years breaches and only include the breach name(key), my email alias and the breach AddedDate
jq 'map(select(.AddedDate | startswith("2025") ) ) | map({key:.key, email:.email, addedDate:.AddedDate})' /tmp/hibp_joined_sorted.json

and after all that it turned out to be three very old addresses in the SynthientCredentialStuffingThreatData breach

For more information on how some of these jq commands work see Previous