HaveIBeenPwned New Breach Monitoring and Alert Workflow

This workflow polls the HaveIBeenPwned website at scheduled intervals to detect newly published data breaches. When a new breach appears, it triggers an alert so that users can respond quickly to the security risk. It runs automatically every 15 minutes and caches the names of breaches it has already alerted on, which avoids duplicate alerts. Alerts can be routed to various messaging platforms, making the workflow suitable for the security monitoring needs of both individuals and businesses.

Workflow Name

HaveIBeenPwned New Breach Monitoring and Alert Workflow

Key Features and Highlights

This workflow automatically monitors for new data breaches by periodically querying the latest breach data API from the HaveIBeenPwned website. Upon detecting new breach information, it triggers an alert process to help users promptly become aware of security risks. Highlights include:

  • Automated periodic retrieval of the latest breach data every 15 minutes
  • Local caching of previously alerted breach names to prevent duplicate notifications
  • Intelligent differentiation between new and existing breaches to ensure alert accuracy
  • Flexible extension of alert methods (e.g., Slack or Discord)
  • Demonstrates practical techniques for data caching and processing

Core Problem Addressed

Data breaches occur frequently, and it is difficult for users to tell promptly whether they or their organizations are affected. This workflow addresses the burden of frequent manual querying and the risk of missed alerts through automated monitoring and notification, thereby enhancing security response efficiency.

Use Cases

  • Personal or corporate security teams monitoring the HaveIBeenPwned breach database to proactively identify potential risks
  • Security operations automation for rapid response to newly discovered breaches
  • Integration into internal enterprise alerting systems to implement information security early warning
  • Security education and demonstration tools showcasing automated security monitoring processes

Main Workflow Steps

  1. Trigger the workflow every 15 minutes using a Schedule Trigger
  2. Retrieve the latest breach data from HaveIBeenPwned via an HTTP Request node
  3. Read the local cache file (cache.json) to obtain the names of breaches previously alerted
  4. Compare the latest data with cached data to determine if new breach events exist
  5. If new breaches are detected, update the cache file and trigger the alert process (e.g., send messages to Slack or Discord)
  6. If no new breaches are found, skip alerting and wait for the next scheduled check
  7. Provide a manual trigger option for testing and cache initialization
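
Steps 3 to 6, with the cache initialization from step 7, sketched as plain JavaScript of the kind an n8n Code node runs. This is an added example, not the workflow's own node code; it assumes cache.json holds a JSON array of breach names and that each breach object has a `Name` field, and the function names and sample records are constructed for illustration.

```javascript
// Added example: decide which breaches are new relative to the alert cache.
// Assumptions: cache.json is a JSON array of breach names; each breach
// object returned by the API has a string `Name` field.

// Parse the cache file contents. A missing, empty or corrupt cache is
// reported as "uninitialized" rather than as an empty set, so the first
// run does not alert on every breach already published.
function loadCache(rawText) {
  if (rawText == null || rawText.trim() === '') {
    return { initialized: false, names: new Set() };
  }
  try {
    const parsed = JSON.parse(rawText);
    if (!Array.isArray(parsed)) throw new Error('cache is not an array');
    return { initialized: true, names: new Set(parsed.map(String)) };
  } catch (err) {
    return { initialized: false, names: new Set() };
  }
}

// Compare the latest API response with the cache.
// Returns the breaches to alert on and the cache text to write back.
function checkForNewBreaches(latestBreaches, rawCacheText) {
  const cache = loadCache(rawCacheText);
  const seen = new Set(cache.names);
  const fresh = [];
  for (const breach of latestBreaches) {
    if (!breach || typeof breach.Name !== 'string') continue; // malformed item
    if (seen.has(breach.Name)) continue; // also dedupes within one response
    seen.add(breach.Name);
    fresh.push(breach);
  }
  return {
    // On cache initialization, seed the cache without alerting.
    alerts: cache.initialized ? fresh : [],
    cacheChanged: fresh.length > 0 || !cache.initialized,
    newCacheText: JSON.stringify([...seen].sort()),
  };
}

// Constructed sample data (not real breach records).
const sampleLatest = [
  { Name: 'ExampleShop', PwnCount: 1200 },
  { Name: 'DemoForum', PwnCount: 85000 },
];
const sampleCache = '["ExampleShop"]';
const result = checkForNewBreaches(sampleLatest, sampleCache);
console.log(result.alerts.map((b) => b.Name), result.newCacheText);
```

Treating a corrupt cache as uninitialized trades a possible missed alert for protection against an alert flood; a deployment that prefers the opposite can raise an error in that branch instead.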

Involved Systems and Services

  • HaveIBeenPwned.com API (data source)
  • Local file system (for data caching)
  • n8n automation platform core nodes (HTTP Request, file read/write, conditional logic, schedule trigger, etc.)
  • Extendable alert integration services (Slack, Discord, and other third-party messaging platforms; interfaces provided though not fully implemented in the example)

Target Users and Value

  • Information security professionals and teams seeking automated monitoring of data breach risks
  • IT operations personnel needing to incorporate security monitoring into daily automation workflows
  • Enterprise managers focused on automated data security and risk alerting solutions
  • Security enthusiasts and developers learning how to combine APIs and caching for intelligent monitoring
  • n8n users demonstrating complex conditional logic and cache handling in workflow design

This workflow eliminates the need for manual breach information queries and, through an intelligent caching mechanism, avoids redundant alerts—significantly improving the timeliness and efficiency of security incident response. With simple configuration, it can integrate multiple alert channels to meet the security management needs of diverse users and organizations.