The domain registration page says "Verifying by email is the fastest way to confirm ownership of the domain. You can either verify using an email address on the domain registration record or by using one of several pre-defined addresses for the domain." However, in fact I cannot find any way to use the email address actually on my domain registration record (paleo.org), as it is not one of the four standard addresses listed.

Recover verification notice.

This service is awesome and user will be warned if they are pwned.
But the registration confirmation email says "...and you can unsubscribe at any time if you don't want the notifications."
Please, make an unsubscribe button. I can't find any unsubscribe button or form on the website or in the email.
Thanks.

Thunderbird refuses to open either your breaches or pastes RSS feeds, claiming failed validation. The w3c feed validator fails both: https://validator.w3.org/feed/
Whether they are broken or not is beyond my experience :-)

There was a breach on wpengine.com, maybe data about accounts will be available somewhere
https://wpengine.com/support/infosec/

Using the crowd, I have finally solved the mystery which database a certain paste represents: http://security.stackexchange.com/questions/108191/what-can-i-do-if-i-discover-that-my-password-hash-has-been-leaked-in-pastebin

Can I/Could you add that information?

Hi,
It will be nice to have an "acknowledge" option if i subscribe - so when i see list of sites/accounts i changed my password too i would be able to acknowledge and then see only new threats as red

thanks,

I've had emails saying that both my tumblr and MySpace accounts have been breached, however I don't have accounts on either system.

Is there a means of fixing the issue?

Can I get my name off the pwned list? (without opting out)

Would it help to contact the pwned website(s) with my data?

Thanks

If you're doing a domain notification (notifying of any info for your domain that becomes compromised), you'd like to relay concerns to your users when those alerts come up. Right now, we're just getting a number of accounts, rather than the actual specifics. Even listing email addresses would help.

One of my several email id has been part in one of the data leak but searching here shows that it is not. This shows there is some discrepancy in data you refer to. I can not reveal much publicly here but you can reach out to me and i shall share more details.

customer service said that someone accessed my account, changed the email address on file, then proceeded to order e-gift cards.

Can you check into it if possible?

Good service but I think you need $ to improve it.
A user could be charged a small amount, around €1, for the release of information related to a security breach.
The basic account could be free but the user would have to pay for advanced services.

Since I use a seperate email address for every domain I register for (forum/webshops) I have a fairly good picture of breached sites (currently many forum sites). Is there a way to add/investigate/report these?

Why did I receive an email indicating pwned on the JustDate fabricated breach, but when I search from the Home page, only the Linkedin breach is noted? Is it possible that the email was spoofed? It looks almost exactly like the one i received when you posted the Linkedin breach. I suspect many others are in this same situation. Esp. if the Justdate breach was indeed 24 million people as the email indicated. Thanks.

In all versions of Google Chrome I am now advised;

This site can’t provide a secure connection

haveibeenpwned.com uses an unsupported protocol.
ERRSSLVERSIONORCIPHER_MISMATCH

The client and server don't support a common SSL protocol version or cipher suite. This is likely to be caused when the server needs RC4, which is no longer considered secure.

So, why can't you use a proper protocol?