
The Password Breach Notification System alerts users when their credentials are exposed in data breaches. It integrates with the Have I Been Pwned API, securely stores breach data, and notifies users via email. Built with Node.js, MongoDB, and React, it ensures proactive security monitoring and real-time breach alerts. 🚀🔒


nikhilij/Password-Breach-Notification-System


🚨 Password Breach Notification System πŸ”

πŸ“Œ Overview

The Password Breach Notification System helps users stay secure by notifying them if their credentials have been exposed in known data breaches. This system continuously monitors databases and alerts users in real-time.


🎯 Features

βœ… Real-time Breach Detection πŸ”Ž – Checks passwords against leaked databases.
βœ… Secure Hashing Mechanism πŸ” – Uses SHA-1 for privacy-preserving checks.
βœ… User Notifications πŸ“© – Sends alerts via email/SMS when a breach is detected.
βœ… Admin Dashboard πŸ“Š – Provides breach statistics and system monitoring.
βœ… Multi-Factor Authentication (MFA) Suggestion πŸ›‘οΈ – Encourages MFA when a breach is detected.
βœ… Dark Web Monitoring πŸ•΅οΈβ€β™‚οΈ – Optional feature to scan leaked credentials on dark web forums.
βœ… Secure API Access πŸ”‘ – Uses JWT authentication for enhanced security.
βœ… Logging & Monitoring πŸ“ˆ – Keeps track of breach reports and system logs.


🏛️ System Architecture

+----------------------+      +---------------------+      +----------------------+
|   Client/API Calls  | ---> | Log Ingestion Layer | ---> |   Processing Engine  |
+----------------------+      +---------------------+      +----------------------+
                                      |                              |
                                      v                              v
                    +----------------------+      +----------------------+
                    |   Storage Layer       |      |  Analysis & Alerts   |
                    |  (DB/File System)     |      |  (ML/Rule-Based)     |
                    +----------------------+      +----------------------+
                                      |                              |
                                      v                              v
                    +----------------------+      +----------------------+
                    |   Search & Filtering  |      |   Visualization      |
                    |   (Elasticsearch)     |      |   (WebSockets/API)   |
                    +----------------------+      +----------------------+
                                      |
                                      v
                          +----------------------+
                          |    User Dashboard    |
                          | (API/Grafana/Kibana) |
                          +----------------------+

🗂️ Folder Structure

Password-Breach-Notification-System/
├── src/
│   ├── controllers/         # Route logic (to be implemented)
│   ├── models/              # Mongoose models (to be implemented)
│   ├── routes/              # Express route definitions (to be implemented)
│   ├── services/            # Business logic (to be implemented)
│   ├── utils/               # Utility/helper functions (to be implemented)
│   └── app.js               # Express app entry point (to be implemented)
├── config/
│   └── db.js                # Database connection (to be implemented)
├── public/                  # Static assets (optional)
├── .env.example             # Example environment variables
├── package.json
└── Readme.md

🛠️ Environment Variables

Create a .env file in the root directory. Example:

PORT=3000
MONGODB_URI=mongodb://localhost:27017/breachdb
JWT_SECRET=your_jwt_secret
HIBP_API_KEY=your_hibp_api_key
EMAIL_USER=your_email@example.com
EMAIL_PASS=your_email_password
SMS_API_KEY=your_sms_api_key

🚧 Project Status

This repository currently contains only documentation and a project template. The actual backend code (controllers, models, routes, services, etc.) is not yet implemented.

To complete the project:

  • Implement the backend logic in the src/ directory as described in the folder structure.
  • Create the necessary API endpoints as documented in the API Endpoints section.
  • Add integration with MongoDB, Have I Been Pwned API, email/SMS notification services, and monitoring tools.
  • See the API and feature documentation in this README for guidance.

🏗️ Tech Stack

| Component | Technology |
|---|---|
| Backend | Node.js (Express) |
| Database | MongoDB |
| Frontend (Optional) | React.js |
| Auth | JWT, bcrypt |
| Breach Check | Have I Been Pwned API |
| Notifications | Nodemailer, SMS APIs |
| Monitoring | Prometheus, Grafana |
| Security | Helmet.js, CORS, Rate Limiting |

🔌 API Endpoints

🔑 Authentication

📌 POST /api/auth/register – Register a new user.
📌 POST /api/auth/login – Authenticate a user.

Password Breach Check

🔹 POST /api/breach/check – Check if a password has been compromised.
🔹 GET /api/breach/history – Retrieve a user's breach history.

📢 Notifications

📌 GET /api/notifications – View breach alerts.
📌 POST /api/notifications/settings – Update alert preferences.

📊 Admin Dashboard

📌 GET /api/admin/dashboard – View breach statistics.


📦 Example API Request/Response

Check Password Breach

Request:

POST /api/breach/check
Content-Type: application/json
Authorization: Bearer <token>

{
  "password": "user_password"
}

Response:

{
  "breached": true,
  "sources": ["HaveIBeenPwned", "DarkWeb"],
  "suggest_mfa": true
}
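
One way to implement the SHA-1 "privacy-preserving check" behind POST /api/breach/check is the Pwned Passwords k-anonymity range lookup: only the first five hex characters of the hash are sent upstream and the match is done locally. This is an added example, not code from this repository (which ships no implementation); the function names, the `count` field and the sample response are assumptions, and the HTTP call is injected so the block runs offline.

```javascript
// Added example, not code from this repository; function names are hypothetical.
const { createHash } = require('node:crypto');

// SHA-1 the password and split it for a range lookup: the 5-character prefix
// is sent upstream, the 35-character suffix never leaves the server.
function splitHash(password) {
  const hex = createHash('sha1').update(password, 'utf8').digest('hex').toUpperCase();
  return { prefix: hex.slice(0, 5), suffix: hex.slice(5) };
}

// Parse a range response ("SUFFIX:COUNT" per line, CRLF separated) and return
// how many times our suffix was seen. Padding rows carry a count of 0.
function countInRange(suffix, body) {
  const wanted = suffix.toUpperCase();
  for (const line of body.split(/\r?\n/)) {
    const [candidate, count] = line.trim().split(':');
    if (candidate && candidate.toUpperCase() === wanted) {
      const n = Number.parseInt(count, 10);
      return Number.isNaN(n) ? 0 : n;
    }
  }
  return 0;
}

// fetchRange(prefix) -> Promise<string> is injected so the check can be tested
// offline. In production it would GET https://api.pwnedpasswords.com/range/<prefix>
// with the "Add-Padding: true" request header.
async function checkPassword(password, fetchRange) {
  const { prefix, suffix } = splitHash(password);
  const count = countInRange(suffix, await fetchRange(prefix));
  // "count" is an assumed extra field; the README's response has no such key.
  return { breached: count > 0, count, suggest_mfa: count > 0 };
}

// Constructed sample body for the prefix of "password"; all counts are made up.
function sampleRangeBody() {
  return [
    '0018A45C4D1DEF81644B54AB7F969B88D65:3',        // constructed suffix
    `${splitHash('password').suffix}:1234`,        // constructed count
    '00D4F6E8FA6EECAD2A3AA415EEC418D38EC:0',        // constructed padding row
  ].join('\r\n');
}

checkPassword('password', async () => sampleRangeBody())
  .then((result) => console.log(result)); // breached: true with the sample body
```

The endpoint still receives the plaintext password over TLS, so the handler should keep it and its full hash out of logs and storage; only the five-character prefix goes to the upstream service.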

⚙️ Installation & Setup

📋 Prerequisites

✅ Node.js
✅ MongoDB
✅ API Key for Have I Been Pwned

🛠️ Steps to Set Up

# Clone the repository
git clone https://github.com/yourrepo/password-breach-notification.git

# Navigate to the project
cd password-breach-notification

# Install dependencies
npm install

# Configure environment variables
cp .env.example .env  # Add API keys & database URL

# Start the server
npm start

🚀 Deployment

🐳 Docker Deployment

docker build -t breach-notifier .
docker run -p 3000:3000 breach-notifier

☁️ Cloud Hosting

  • Deploy on AWS, Heroku, or DigitalOcean.
  • Use GitHub Actions for automated deployments.

🔒 Security Enhancements

✅ Rate Limiting – Prevent API abuse.
✅ Data Encryption – Ensure passwords & sensitive data are secure.
✅ Multi-Factor Authentication (MFA) – Encourage users to enable MFA.
✅ Logging & Anomaly Detection – Detect suspicious activity.


📊 Monitoring & Visualization

  • Grafana Dashboard 📊 – Visualizes breach alerts and trends.
  • Prometheus Metrics 📈 – Tracks API performance and logs.

🤝 Contributing

Want to contribute? Follow these steps:

  1. Fork the repository.
  2. Create a new branch.
  3. Commit your changes.
  4. Submit a pull request.

📜 License

MIT License – Open-source and free to use! 🎉


📬 Contact

For questions or support, open an issue or contact maintainer@example.com.

🌟 Star this repo if you found it helpful! ⭐
