
We'll now tell you if your email has been breached or hacked (on other providers)

10 months ago
Speedy little update here.

Bento will now tell you when you log in, or even sign up (yes, we'll slow down sales if it means keeping you secure), if your email has been compromised in a hack.

How are we doing it?

All user passwords are hashed using SHA-1, and the resulting hash is truncated to its first 5 characters. That 5-character prefix is then checked against the HaveIBeenPwned.com API, the world's largest source of breaches, implementing the k-Anonymity model described in https://haveibeenpwned.com/API/v2#SearchingPwnedPasswordsByRange.

Neither the clear-text password nor the full password hash is ever transmitted to the service.

More implementation details and important caveats can be found in https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/

Why are we doing it?

We hope this leads to a more secure Bento and fewer freakouts, and helps educate our users on the importance of web security. It's just too important to us.