8
Comments
  • 2
    Got to love mass list makers....
    thankfully it’s not a new breach but a bunch of old ones.
  • 3
    Never heard of haveibeenpwned.com before. Pretty cool actually :)
  • 2
    I feel sites like haveibeenpawnd is exactly the kind of site that would collect and distribute mass lists like this. I mean who in their right mind would put their email/password/card no on a website just to see if it is on some hacker database? Wouldn't just doing that put you on a database if it isn't already?
  • 1
    @CatMDV You only input your mail and you dont have to if you don't want. I trust them and have on multiple occasions checked my main mail address and so far it has not been leaked.
  • 1
    @CatMDV If you do the password search, it only sends the first few bytes of the SHA hash to the site. https://troyhunt.com/ive-just-launc...

    If you don't trust the JS, you can directly use the API.
  • 1
    @CatMDV It only sends the SHA digest short (the truncated one, like Git* uses) of what you put in, not the entire damn thing in the clear.
  • 2
    That thing is just a collection of previous leaks.
  • 1
    @filthyranter Which makes it exceptionally dangerous, considering the sheer amount of data.
  • 1
    @Parzi Sure, but looking at the collection, only my previously leaked (and already seen) data is in there.
Add Comment