Include leaked password
You very kindly just sent me an email that my email address and unsalted password were included in the 2012 LinkedIn breach.
I can't remember which password I was using in 2012, and hence don't know which other accounts need a password change. Could you send the leaked hash (or otherwise, depending on the breach) to the effected email?
This presents too many risks, more info here: https://www.troyhunt.com/here-are-all-the-reasons-i-dont-make-passwords-available-via-have-i-been-pwned/
With another year passing, the environment is such that the chances of this being implemented are almost zero. I've just written another piece on the issue which I'm going to link to here before closing this suggestion as "declined". I hope the rationale and the risks behind it make sense to everyone.
Ken Mantey commented
In your description of this latest breach, you stated "hey, I've found your data online, can you help me verify if the password on file for you is correct".
So it appears you have a way of determining the password associated with a username/email address.
1) Is there some way with your API's that I can find those passwords out myself for my accounts?
I already have a password manager, and use the techniques you describe to generate long difficult passwords. So before I blindly change them all, I would like to see if my password has really been hacked.
2) Is there a way those of us that are interested in that information, we could request that "hey, I've found your data online..." service that you provided others?
I could see donating for that service.
Alex W. commented
@TroyHunt I have to say that I understand your concern about storing passwords or even hashes of passwords, but nevertheless I have to fully disagree. **Please** treat any leaked passwords as public information, as that's what the users of your service should assume. That's not to say that you should make those passwords available to everyone, as that would likely put too many users in danger, but it would greatly help if my HaveIBeenPwned Email Notifications included **my** leaked passwords as plaintext in the notification email so I know which one of my passwords has been leaked.
I'm going to decline this one outright simply because I do not want to go down a path of distributing passwords, even a partial hash. At present, I can hand on heart say "only email addresses exist in the system". As soon as I start adding other attributes not only does it become a lot more complex, but now I have a portion of a sensitive data attribute in the system too.
Further to this, it would be problematic with any hashed password or plain text passwords and only of value to the tiny fraction of people who knew how to create a hash of their original password.
I appreciate the sentiment, but this is not a good fir for HIBP at present.