upvote

points

by J-Kuhn14 hours ago |
comments
upvoteby khafra14 hours ago|
next
[-]
I don't think he meant "show the actual data," I think he meant "what leaked? My name, address, phone number, email, medical records, payment history, bank account number?"

We get a "your private data is now public" email, but knowing exactly what data turns that from a depressing statement on how much corporations value their customers' privacy into something actionable.

reply
upvoteby J-Kuhn13 hours ago|
parent|
next
[-]
This information is shown on the site of the breach, as example: https://haveibeenpwned.com/Breach/BakerDistributing
reply
upvoteby charcircuit12 hours ago|
parent|
prev|
[-]
Yes, I meant the actual data so you know what leaked. There is a difference between leaking a password 12345678 and leaking a password that was reused on a different site. There is a difference between leaking your actual birthday and leaking 01/01/1900. There is a difference between leaking a fake address, your previous address, and your current address.
reply
upvoteby pixl973 hours ago|
parent|
[-]
Then feel free to browse the onion and buy data that you may be included in.

There seems to be some amount of entitlement by people in this thread to get information from a third party about what a first party to them lost.

The first party that lost your data should be the one that shows you exactly what was compromised.

reply
upvoteby charcircuit12 hours ago|
prev|
[-]
>Most breaches already contain hashed passwords

It could show the hash instead.

>No, it's not ok that these passwords are already out there

So it's better that people have to pay for it instead of getting this information for free?

>Because it's important to say "I don't store passwords in HIBP"

This is a personal choice.

>I'm not your personal lookup service

The idea is that this would be done by the site itself and would not require manual work by the owner.

reply
upvoteby parable11 hours ago|
parent|
[-]
Hashes can be cracked, and end users won't understand how to create password hashes to check which one was leaked. Plus, salts exist.

Passwords shouldn't matter anyways. Use a password manager and be done with it. The real issue is metadata which can't easily be changed - phone numbers, addresses, and the like. If any of that data is leaked, it becomes much harder to contain impact. You can't move addresses every time your address gets leaked online.

reply