JE
My feedback
-
25 votes
An error occurred while saving the comment -
54 votes
JE supported this idea ·
-
13 votes
JE supported this idea ·
An error occurred while saving the comment JE commented
I subscribe to this HIBP notification service and came here after being informed that my email was among those in the Verification.io breach. Since only a subset of affected accounts had additional PII revealed, it would be useful to know if my particular email address(es) were so affected.
I can certainly understand a reluctance to enter passwords on third party sites, but it becomes a matter of who you trust. People enter passwords online all the time, and HIBP is a secure site. So, as long as they are not storing passwords in the clear, I don't see a reason to be concerned.
Besides, I'm going to assume that the hashes generated client-side may contain a "salt" value and therefore, any hash entered manually by a user (without knowing the salt value) is unlikely to match what's in the HIBP database.