LabTech Plugin: Have I Been Pwned?
Posted on June 2, 2016
This plugin uses information from https://haveibeenpwned.com/ to check the contacts in LabTech against known website breaches where information was released. This can help you easily identify users that should consider changing their password. If you have contacts set to sync from your PSA (like ConnectWise or AutoTask), you can leverage the tool to check all known email addresses automatically and regularly as new breaches occur.
Update: You can now right-click on a breached account (or multiple accounts) and send an email to let the contact(s) know about the breach and suggest a password change.
How to use this plugin:
- Install the plugin with our Plugin Installer and restart LabTech Control Center.
- You’ll have a new item in the Tools menu titled “Have I Been Pwned?”.
- Upon opening, there will be no available items. Right-click and choose “Rescan Contacts”. This process will take approximately 1 second per contact.
- Close the window and come back later.
- You should now see any compromised contacts and can filter and export the results as needed.
Note that this process will run every month on the first of the month automatically to get an updated list. You can also force an update at any time using the Rescan Contacts option, though this shouldn’t need to be done frequently. When the scan is run, a ticket will be created if any newly compromised accounts are found – that is, any accounts are found that weren’t found before, regardless of the date of the breach. You can disable ticketing by adding a property in Dashboard->Config->Configurations->Properties. Use the name “SDPwnedDisableTicketing” and a value of “1”.
Hi
Great plugin, thanks.
Is there any way I can create a ticket per issue so I can send mails from the ticket telling the users to change the relevant password and then flag the system to not highlight the issue again.
Thanks
Vaughn
Vaughn,
That’s in the works, but hasn’t been released yet.
Thanks for the feedback!
Tim
Vaughn,
Actually, this feature is now available. Thanks again for the feedback!
I installed it, but when I tell it to scan the labtech control center freezes up, then crashes.
Thank you
David,
That’s definitely a new one! Have you experienced this for multiple users? And are you able to open in contacts in LabTech individually? Please shoot me an email at support@squattingdog.net and I’ll be glad to work toward resolution.
Thanks,
Tim
I am having the same issue when doing an initial scan, it just hangs
Max,
When you do the manual scan, it’s doing so I the foreground and can take a while to complete. However, I’ve found that the HIBP API changed recently and the lookups actually aren’t even working right now. As such, I’d suggest not doing any manual lookups for the time being.
Thanks,
Tim
Is there a way to include the Description in the email template?
Also. is there a way to change the email subject line?
Can you list out the Header Tag fields for the columns or where I can get those?
We have somehow lost the insert tag for the “Description” field and cannot autofill the text info from that column into the messages any longer.
I was unable to find it by exporting to Excel because it used the common name instead of the header tag.
Hi there,
To confirm: When a contact is found in this list that means that specific email account was compromised in the detailed hack in the Description column? Where is the script checking it’s data against? Is it specifically looking to see if the contact has their email address in a compromised list? Where’s the list?
Dominick,
The email is queried against the website haveibeenpwned.com which aggregates data from a variety of sources.
Thanks,
Tim
Hi Tim, I am still on Automate 11, so I tried this plugin, which works well so far – apart from, I can’t seem to send multiple emails at once. I cannot ctrl click to select multiple. I can shift+down arrow, whcih will highlight multipe, but as soon as I right click to show the options, the highlighted section disappears and only a single breach is selected. Any ideas?
Ryan,
Version shouldn’t matter here. However, I do see a problem with the multi-selection thing. If you will, select all of the clients that you’d like (via control-a or shift-clicking) and then press the menu button on your keyboard. This should bring up the menu without going back to a single item. You can also right-click in the column headers or a blank area of the list (if available) and it should work. The problem is that clicking a menu item changes the selected item to make sure that we’re affected the appropriate row. I’ll look and see what I can do about that.
Thanks!
Tim
Thanks Tim – I found that a few minutes ago, so all good, appreciate your response.
Couple followup questions though – one of the contacts I sent an email to, now gets emails directly from haveibeenpwned, as a domain monitoring service. It is possible he signed up to monitor his domain – but they are not saving and using our clients emails are they?
Eg sample text in the direct email:
“An email on a domain you’re monitoring has appeared in a paste”
Also – the automated email from automate, is good – but lacking the description of the breach, which is always useful to know, especially like for generic breaches like spambot or Apollo.
Anything you could do to include that detail?
Thanks,
Ryan
Ryan,
I have no idea if the user signed up for monitoring. The use of the api does not sign anyone up, so that would be coincidence.
I’ve added the description field for the email template, as well as fixing the issue with selecting multiple contacts and emailing them. You can of course update manually via the plugin installer, or wait for the automatic update overnight. Thanks for the feedback!
Thanks,
Tim
Thanks Tim,
I spoke to the user, and he confirmed that he had in fact signed up, so… Weird thing was he had not had any emails until the same day as the notification, but nothing to worry about I suppose.
Thanks for the other fixes, much appreciated.
This is an awesome plugin.
Is there a way to customize the email?
Is there a way to change the sender email address?
Is there a way to create a ticket and move it to our connectwise?