02-07-2019, 11:26 AM
AdultKing
Quote:
Originally Posted by ladida
No answers to these.
1. With trillions of emails he supposedly has in his database, how is his search going so fast? If you've ever dealt with such big numbers in a db, you'd know it would take a little longer than 1 second to throw if it's breached or not and list in which breaches it had happened. This first throws it's not actually checking among that many searches (if any at all)
I run a search engine with 10 billion+ pages indexed, search results returned in less than 1 second.


Quote:
2. Why does it throw absolute fakes as "breached"?
Because hackers pad out their dumps with fake email addresses; read back in the thread for the full explanation of why.

Quote:
3. Why did it list my email as used in several breaches, amongst which are sites that I hadn't visited ever in my life. Think of it like this. US guy that doesn't know Russian or Chinese checks his email and shows it as "breached" in vk.ru or some Chinese website he never even heard of?
Because someone has used your email to sign up for those services when you were breached in another compromise.

Quote:
4. Many of the breaches listed on his website have never been public. They were just "company X announces it had a breach and sent emails to all concerning accounts to change their email". Knowing that, who in their right mind would then send a complete list of breached accounts, along with emails to some random nobody that runs "haveibeenpwned.com" that same list because there's no way on earth he could get a hold of it any other way. Not only would that be illegal for the said company and they could be sued for sharing your details with a random nobody, they would also knowingly further endanger their business.
Every breach in the HIBP database has been made public.

Anything I missed?

Why do the London Police, US Government, Brian Krebs, the best of the best security professionals trust HIBP and not you? What do you have to gain by shitting on a perfectly legitimate service?