troyhunt
commented
5 months ago There's no overhead on the HIBP side when downloading the hashes, well over 99% of all requests come from Cloudflare cache. It's easy just to run the downloader on demand, but it's even easier (and has more immediate benefit) to hit the k-anonymity API directly from your service rather than continually downloading everything.
Thank you for your amazing work contributing to the Infosec community with HIBP!
It would be helpful to be able to pull a subset of passwords added to the HIBP database after a certain date. The use case is to be able to run the downloader tool on a regular cadence (perhaps monthly) without having to pull the full set of hashes each time. This would result in less load on the HIBP system by returning smaller updates after the seed data is downloaded.
If insert dates are not included in the HIBP records, then this may not be possible without a significant data storage increase. We understand if this feature was left out on purpose for any reason. Thank you for your time and effort!