I suggest to implement an email verification that is necessary to get to know whether the email adress one typed in has been pawned or not.
By getting the information on whether an email address has been pawned without verification whether it's mine or not it is easy for everyone to check really quickly whether the email addresses one has from people around is worth trying to hack. One doesn't have to check the list. This site is doing that for one.
Matthias Heinold
shared this idea
There are many reasons why this wouldn’t make sense: https://www.troyhunt.com/the-ethics-of-running-a-data-breach-search-service/
-
Anonymous
commented
By enabling your users to simply type in ANYONE's email without verifying it as their own - you are revealing that email (users) data.
But clearly that is how you intend it to function. And perhaps that's a good thing... i don't know.
-
Anonymous
commented
not sure why suggestion was merged with this as it has nothing in common.
-
Anonymous
commented
This service lets you see which websites ANYONE has used.
That in itself is a privacy issue.
Why not send a conformation email to the requested email before displaying results?