Search results
Jan 18, 2019 · The most recent "Collection #1" breach, with over 12,000 sources is evidence enough that Have I Been Pwned is not the only one aggregating this type of information. And the competition does not have your best interest at heart. Pwned Passwords as a lookup service uses k-anonymity to provide some safety. It works basically like this:
Jan 17, 2019 · As per the website, 1Password integrates with the popular site Have I Been Pwned to keep an eye on your logins for any potential security breaches or vulnerabilities. Entering your email address on this site will tell you which data breaches involve this email address, so that you can go back to the affected website and change your password.
Feb 27, 2018 · Telling you if your password has been used elsewhere is really only a small part of it, and it's not just that the password has been used, it's that it's been used and breached meaning it's probably in several brute force and dictionary lists by now and your account may be more likely to be compromised if it has a password that has been compromised and dumped.
Jun 3, 2019 · I have been hearing more and more that the haveibeenpwned password list is a good way to check if a password is strong enough to use or not. I am confused by this. My understanding is that the haveibeenpwned list comes from accounts which have been compromised, whether because they were stored in plain text, using a weak cipher, or some other reason.
Apr 25, 2020 · But you might have breaches with upward of 500 million email addresses in them. Loads of these might be inactive, but you cannot be sure, so you have to send out 500 million emails. A quick calculation (500 000 000 / 100 000 * 90 = 450 000) reveals incredible monthly costs. Simply said, HaveIBeenPwned probably simply does not have the resources ...
Aug 16, 2019 · I am positive I never signed up for an account there, it's a US education company and I am not from there, nor did I ever have anything to do with US education. I have verified the email is actually from haveibeenpwned. I figured it's possible they merged with another company and took over their user base, but I can find no evidence of that.
Jan 20, 2019 · For example, details for Adobe have been stolen, and it's quite possible a scammer could mail people whose accounts were on Adobe, a supposedly 'urgent update' to their Adobe software, that actually maliciously downloads and installs malware. Being aware that information has leaked from Adobe allows you to take additional precautions against that.
Questions tagged [have-i-been-pwned] Website allowing internet users to check whether their credentials have been compromised in the past. Learn more….
Why is breach-detection site "Have I Been Pwned" considered safe? Whether it be due to technology the site is using, or any manual behind-the-scenes work with the data, why does this breach detection site seem to be unquestioningly safe?
Jul 26, 2019 · For your second question: The NIST standards suggest using such a service, though doesn't name the Pwned Passwords API of HIBP. It's up to you to do a cost/benefit analysis, threat assessment, etc., to see if it's right for you, or even if following the NIST standards is right for you; though we'll certainly be happy to give our opinions if this question's scope were reigned in a bit.
