Skip to content

I suggest you ...

← General

Indicate if the same credentials have appeared in another breach

Nice, now I know that my mail-address was included in the Exploit.In and Adobe breach. But the Exploit.In breach does not hint any clue whether we talk about the same service (=Adobe) or not. I can understand that you cannot mail me a password. After all you don't know me. I might as well be an imposter. But it would be cool if you could internally setup your database such that it outputs whether the password in an amalgamated-list-breach that did not specify a service like Exploit.In was identical to the one in another breach like the Adobe breach. That would allow me and other users to assess the damage much better and take action. So the output I would wish for should look as follows:

Credentials associated with your email appeared N times in this list. 1 entry matched information leaked through >link< XYZ breach. 1 entry matched information leaked through >link< XYZ breach. .... and so on.

63 votes
Vote

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Matt shared this idea  ·   ·  Report…  ·  Admin →
How important is this to you?

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • AK Prashant commented  ·   ·  Report

    @Matt: To compare if an obtained credential set (username, email address, password) were identical from breaches of different services, Troy Hunt needs to copy and store passwords (in plane text or hashed form) with their respective email address and breached service name. Troy Hunt has categorically denied to store data that way.

    Or did you mean that after using https://haveibeenpwned.com/Passwords service, you wish to know if a particular password (either in hashed form or successfully cracked into plaintext) "Pa55w0rd" has been exposed in the following breaches like Adobe & linkedIn, but without linking it to a particular email address or username. But I do wonder what purpose does it serve!
    If I find that a particualr password has already been pwned, I would proactively change the password of all my registered services that are currently set as that one, irrespecive of the service being breached or not.

    @Troy Hunt: Please clarify.

General

Categories

Feedback and Knowledge Base

(thinking…)