This workflow corresponds to n8n.io template #6838 — we link there as the canonical source.
The workflow JSON
Copy or download the full n8n JSON below. Paste it into a new n8n workflow, add your credentials, and activate it.
{
"id": "2Sx7R4CGxcRmr5gV",
"name": "Automated Data Breach Monitor with HIBP API",
"tags": [],
"nodes": [
{
"id": "5d16601e-79e7-4071-a0f0-dce718bf3e25",
"name": "Schedule Trigger",
"type": "n8n-nodes-base.scheduleTrigger",
"position": [
0,
0
],
"parameters": {
"rule": {
"interval": [
{}
]
}
},
"typeVersion": 1.2
},
{
"id": "15146ef4-c973-437d-aaa0-961a9ce6f671",
"name": "List Emails to Check",
"type": "n8n-nodes-base.code",
"position": [
208,
0
],
"parameters": {
"jsCode": "const emailsToCheck = [\n \"user@example.com\",\n \"user@example.com\",\n \"user@example.com\"\n];\n\nreturn emailsToCheck.map(email => ({\n json: { email: email }\n}));"
},
"typeVersion": 2
},
{
"id": "d7fcb0a4-307b-4454-a515-615bb32614da",
"name": "Query HIBP API",
"type": "n8n-nodes-base.httpRequest",
"position": [
416,
0
],
"parameters": {
"url": "=https://haveibeenpwned.com/api/v3/breachedaccount/{{ encodeURIComponent($json.email) }}",
"options": {}
},
"typeVersion": 4.2
},
{
"id": "e7201557-fd32-4bca-a6c8-e053df5553b3",
"name": "Is Breached?",
"type": "n8n-nodes-base.if",
"position": [
624,
0
],
"parameters": {
"options": {},
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": true,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "5ceba6a6-a52f-4ed8-85b8-5e68e0cda8ac",
"operator": {
"type": "string",
"operation": "notEquals"
},
"leftValue": "={{ $json.body }}",
"rightValue": "[]"
}
]
}
},
"typeVersion": 2.2
},
{
"id": "d7bfc8f4-9067-40ce-ae3c-8f96203404fc",
"name": "Send High-Priority Alert",
"type": "n8n-nodes-base.slack",
"position": [
880,
0
],
"parameters": {
"text": "=\ud83d\udea8 *URGENT: Data Breach Alert!* \ud83d\udea8\\nEmail address *{{ $('List Emails to Check').item.json.email }}* was found in a data breach.\\nImmediate action is required!",
"user": {
"__rl": true,
"mode": "id",
"value": "[YOUR_SECURITY_ALERT_CHANNEL_ID]"
},
"select": "user",
"otherOptions": {}
},
"credentials": {
"slackApi": {
"name": "<your credential>"
}
},
"typeVersion": 2.3
},
{
"id": "0375f848-bb60-42cb-9c69-23d2d5fb0c26",
"name": "Sticky Note",
"type": "n8n-nodes-base.stickyNote",
"position": [
-64,
-48
],
"parameters": {
"width": 1184,
"height": 240,
"content": "## Flow"
},
"typeVersion": 1
},
{
"id": "02e3c3f0-0cf3-4bf3-9b7b-4b6bec91d354",
"name": "Sticky Note1",
"type": "n8n-nodes-base.stickyNote",
"position": [
-64,
240
],
"parameters": {
"color": 5,
"width": 1184,
"height": 1200,
"content": "## Problem\nAs an AI Agent developer, you know that one of the biggest threats to businesses is compromised credentials. Employees often use corporate emails to sign up for third-party services. When those services are breached, their credentials can leak, and attackers can use them to try and gain access to your internal systems (known as a **credential stuffing attack**). Manually monitoring every email account for breaches is an impossible task.\n\n## Solution\nThis n8n workflow offers a proactive and efficient solution. It **periodically checks a list of company email addresses against the HaveIBeenPwned (HIBP) API**\u2014a trusted database of leaked credentials. If an email address is found in a data breach, the workflow will immediately send an **urgent alert to Slack**, allowing your security team to take swift action, such as forcing a password reset or temporarily suspending the account, before attackers can exploit the leaked data.\n\n## For Whom\nThis simple yet vital automation is ideal for:\n* **Security & IT Teams:** To proactively monitor at-risk credentials.\n* **System Admins & HR:** To detect security risks on employee accounts.\n* **Small and Medium-Sized Businesses (SMEs):** To implement a strong, yet easy-to-deploy, layer of foundational security.\n* **Any Organization:** That wants to reduce the risk of credential stuffing attacks and protect internal data.\n\n---\n\n## Scope\n* **What it does:**\n * Runs on a customizable schedule (e.g., every week).\n * Checks a list of specified email addresses against the HaveIBeenPwned database.\n * Sends a detailed, urgent alert to a designated Slack channel if a breach is detected for an email.\n* **What it doesn't do:**\n * This workflow **does not automatically fix the issue** or reset passwords. It is a detection and alerting tool only.\n * It does not monitor other security vectors, such as network activity or file changes.\n\n---\n\n### How to Set Up\nHere is a step-by-step guide to implement this workflow in your n8n instance.\n\n1. **Prepare Your Credentials**\n * **HIBP API Key:** You need to get an **API key** from haveibeenpwned.com. This key is required to access the API.\n * **Slack Credential:** Create a **Slack credential** in n8n. Note the **Channel ID** of your security alert channel (e.g., `#security-alerts`).\n\n2. **Import the Workflow JSON**\n * Create a new workflow in n8n and import the JSON code.\n\n3. **Configure the Nodes**\n * **Schedule Trigger:** Set the schedule according to your preference (e.g., every Monday at 8:00 AM).\n * **List Emails to Check (Code):** Open this node and **edit the `emailsToCheck` array**. Enter the list of company email addresses you want to monitor.\n * **Query HIBP API (HTTP Request):** Open this node and in the \"Headers\" section, add the header `hibp-api-key` with the value of your HIBP API key.\n * **Send High-Priority Alert (Slack):** Select your **Slack credential** and replace `YOUR_SECURITY_ALERT_CHANNEL_ID` with your actual **Channel ID**.\n\n4. **Test and Activate**\n * **Manual Test:** Run the workflow manually. You can test with a known breached email address (you can find examples online) to ensure the alert is triggered.\n * **Verify Output:** Check your specified Slack channel to confirm that the alert is sent with the correct information.\n * **Activate:** Once you're confident in its function, activate the workflow. n8n will now automatically monitor your important accounts for data breaches on the schedule you set."
},
"typeVersion": 1
}
],
"active": false,
"settings": {
"executionOrder": "v1"
},
"versionId": "c349e3f7-69f0-4039-9b6f-5dd5a0787987",
"connections": {
"Is Breached?": {
"main": [
[
{
"node": "Send High-Priority Alert",
"type": "main",
"index": 0
}
]
]
},
"Query HIBP API": {
"main": [
[
{
"node": "Is Breached?",
"type": "main",
"index": 0
}
]
]
},
"Schedule Trigger": {
"main": [
[
{
"node": "List Emails to Check",
"type": "main",
"index": 0
}
]
]
},
"List Emails to Check": {
"main": [
[
{
"node": "Query HIBP API",
"type": "main",
"index": 0
}
]
]
}
}
}
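The HIBP v3 breached-account endpoint answers 404 for an address with no known breaches and 429 when the key is rate limited, so a lookup has to branch on the status code and keep the e-mail address alongside the result for the alert. The sketch below is an added example, not part of the template: `classify`, `checkEmail`, `stubGet`, the sample addresses, the breach names and the user-agent string are all hypothetical, and the stub stands in for the real API so the code runs offline.

```javascript
// Added example (not from the template): status-aware HIBP v3 lookup.
const HIBP_BASE = "https://haveibeenpwned.com/api/v3/breachedaccount/";

// Map one HTTP response to a verdict, carrying the e-mail through for the alert.
function classify(email, status, headers, bodyText) {
  if (status === 200) {
    const breaches = JSON.parse(bodyText).map((b) => b.Name);
    return { email, state: "breached", breaches };
  }
  if (status === 404) return { email, state: "clean", breaches: [] };
  if (status === 429) {
    const retryAfter = Number(headers["retry-after"] || 0);
    return { email, state: "retry", retryAfter, breaches: [] };
  }
  return { email, state: "error", status, breaches: [] }; // e.g. 401 bad key
}

// httpGet is injected so the same logic works with a real client or a stub.
async function checkEmail(email, apiKey, httpGet) {
  const url = HIBP_BASE + encodeURIComponent(email);
  const res = await httpGet(url, {
    "hibp-api-key": apiKey,
    "user-agent": "breach-monitor-example", // HIBP rejects requests without one
  });
  return classify(email, res.status, res.headers, res.body);
}

// Constructed responses standing in for the API (not real breach data).
const SAMPLE = {
  "alice@example.com": { status: 200, headers: {}, body: '[{"Name":"ExampleBreachA"}]' },
  "bob@example.com": { status: 404, headers: {}, body: "" },
  "carol@example.com": { status: 429, headers: { "retry-after": "6" }, body: "" },
};

// Offline stub: a request without a key gets 401, unknown addresses get 404.
async function stubGet(url, headers) {
  if (!headers["hibp-api-key"]) return { status: 401, headers: {}, body: "" };
  const email = decodeURIComponent(url.slice(HIBP_BASE.length));
  return SAMPLE[email] || { status: 404, headers: {}, body: "" };
}

// Only "breached" verdicts should reach the Slack alert step.
async function runSample() {
  const out = [];
  for (const email of Object.keys(SAMPLE)) {
    out.push(await checkEmail(email, "PLACEHOLDER_KEY", stubGet));
  }
  return out.filter((r) => r.state === "breached");
}
```

A "retry" verdict should be re-queued after `retryAfter` seconds rather than treated as clean, otherwise a rate-limited run silently misses breached addresses.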
Credentials you'll need
Each integration node will prompt for credentials when you import. We strip credential IDs before publishing — you'll add your own.
slackApi
About this workflow
This workflow efficiently performs a scheduled data breach scan.
Source: https://n8n.io/workflows/6838/ (original creator credit).