Originally Posted by directfiesta

Hummmm.....

But Currently Sober loves the title

Originally Posted by adultchatpay

I entered a fake email and it says it's pwmed!

Originally Posted by ladida

Haha, naive people put their email here and get subject to spam It's just a mail collection service. They have no more knowledge of if your mail got hacked then you do.

Originally Posted by AdultKing

That's incorrect. Troy Hunt runs Have I Been Pwned? and as a well known security researcher and Microsoft fellow I am sure he's not harvesting email addresses.

It's ill informed crap like you just wrote that makes the Internet a more dangerous place, because when security specialists develop tools to protect you all you can do is try to tear them down.

https://en.wikipedia.org/wiki/Troy_Hunt

https://en.wikipedia.org/wiki/Have_I_Been_Pwned%3F

Originally Posted by Bladewire

You know he keeps the emails. Come on

Originally Posted by AdultKing

I know he doesn't, emails are compared to the database and then forgotten.

It's externally audited and trusted by AusCERT.

I can't believe the number of dumb fucks in this thread who have no idea what they're talking about.

Edit: you can voluntarily sign up to be notified of breaches, but to suggest that he harvests emails entered into Have I Been Pwned is ridiculous when you consider the significant scrutiny the service receives.

Originally Posted by Bladewire

You read his TOS they store the emails of subscribers.

Nowhere in his TOS does he say no third parties can pay him to send out promotional emails.

Also, he uses Sendgrid to send out emails

Sendgrid TOS states that third parties are allowed access to the data, it's under "service data"

Originally Posted by AdultKing

What part of respected security researcher do you not understand?

When it comes to technology most of you GFY folk are fucking peasants. No wonder mainstream eclipsed adult, it's because most people left in adult are luddites, clinging on to old versions of PHP and Wordpress, using insecure outdated scripts and probably re-using passwords on a multitude of websites.

You have no idea what K-Anonymity is, or how it's used to cross reference compromised passwords without passing on the password itself, you have no idea what AusCERT is, you probably don't even know how numerous services use the HIBP datasets to protect you on a daily basis.

I can't deal with this level of stupid that most people here exhibit daily.

Originally Posted by Bladewire

Also notice in his TOS when you opt of of email notifications, he doesn't delete your email, he keeps it in his database... how convenient.

"HIBP provides an opt-out feature that removes the email address from public visibility. It does this by flagging the record as being opted-out rather than permanently deleting it..."

I'm not saying he's a bad guy or nefarious in any way. Just the facts.

Facebook famously said they don't give your data to third parties, they just let them access their database of your info.

Originally Posted by AdultKing

Can't argue with stupid.

Originally Posted by Bladewire

What's up with the name calling?

Originally Posted by AdultKing

Because you're so quick jump to dumb conclusions.

Originally Posted by AdultKing

That's incorrect.
It's ill informed crap like you just wrote that makes the Internet a more dangerous place, because when security specialists develop tools to protect you all you can do is try to tear them down.

Originally Posted by ladida

It's actually quite correct. What is ill informed is you not understanding anything about everything. I work on security far more then you have even thought about and know far more about these things then you do, but that is even besides the point, nether i can prove it to you, nor do i care to prove it to you.

Originally Posted by freecartoonporn

and besides, why he needs to collect email addresses ? hes already got like billion+ valid email addresses.

Originally Posted by freecartoonporn

i am with AK on this one, i have used that site before and its trustworthy.

why not test it, make new email account and use it on haveibeenpwned and nowhere else., and wait and watch if you get spam mails.

and besides, why he needs to collect email addresses ? hes already got like billion+ valid email addresses.
just saying.

Originally Posted by AdultKing

Thank you.

He also has millions of invalid email addresses in the database.

Hackers who sold these dumps on the black market used to pad them out with made up addresses in the same way spam list sellers used to do 20 years ago.

If you make up an email address and it comes up as Pwned that's simply because the email address has been used in the way described above.

Troy Hunt is an acclaimed security researcher and has world wide respect in the Internet Security sphere. He's advised Governments, companies and even commissions of inquiry.

He makes big money from his well regarded courses, his directorships and his work for various organisations. It's laughable to suggest that he would risk all that by building his own spam database.

Anyone in this thread who has suggested he has nefarious intent obviously doesn't follow anyone of note with regard to security research.

For those interested in becoming more informed, here are some security related Twitter accounts to follow:



https://twitter.com/blackroomsec ‏
https://twitter.com/th3j35t3r ‏
https://twitter.com/ericgeller ‏
https://twitter.com/runasand ‏
https://twitter.com/savagejen ‏
https://twitter.com/evacide ‏
https://twitter.com/shehackspurple ‏
https://twitter.com/L_AGalloway ‏
https://twitter.com/swagitda_ ‏
https://twitter.com/HydeNS33k ‏
https://twitter.com/MalwareTechBlog ‏
https://twitter.com/briankrebs ‏
https://twitter.com/aprilwright ‏
https://twitter.com/theroxyd ‏
https://twitter.com/Fox0x01 ‏
https://twitter.com/SwiftOnSecurity
https://twitter.com/IanColdwater ‏
https://twitter.com/vixentael ‏
https://twitter.com/rmitera ‏
https://twitter.com/KseniaDmitrieva ‏
https://twitter.com/Alyssa_Herrera_ ‏
https://twitter.com/gynvael ‏

Originally Posted by Bladewire

His TOS specifically states that the emails in the database he owns ARE NOT DELETED

Originally Posted by ladida

It's actually quite correct. What is ill informed is you not understanding anything about everything. I work on security far more then you have even thought about and know far more about these things then you do, but that is even besides the point, nether i can prove it to you, nor do i care to prove it to you. The availability he would need to have to "check" if your email is hacked from all the databases that he claims to check against would make his site the prime target for every email theif on the planet. His database would also be humangous and preserve a constant security threat from those same companies the databases were stolen. Yea, im sure they gave their consent into something like this. Don't be as stupid as you sound.

However, what i do know, and can prove, is that i put a bullshit made up email that came back as "breached". And no, no one else has tried that one since i would sooner win the lottery then for that to happen.
What i did then was try an email i do own that i didnt register anywhere, and it also came back as "breached" and it even lists the databases it is on, and it lists sites that i didn't visit EVER. It listed just some random sites that the guy presumes my ip uses.

So yea, it's a hoax to capture emails. But by all means, go and put all your mails in there.

Originally Posted by gorillaz_

good point , i have checked my e-mails on ihbp , half of them are pwned . i believe they test e-mail addresses with e-mail lookup service in background if they were previously registered with websites that known for breaches , they tell you pwned haha . probably e-mail is just registered but not all accounts were effected in those hacks ,almost all disclosed hacked websites from 2015 sent notifications to reset passwords and i did change them ,what next rainbow tables ?

Originally Posted by AdultKing

Bullshit, you're just another GFY peasant.

Originally Posted by freecartoonporn

i am with AK on this one, i have used that site before and its trustworthy.

Originally Posted by freecartoonporn

why not test it, make new email account and use it on haveibeenpwned and nowhere else., and wait and watch if you get spam mails.

Originally Posted by freecartoonporn

and besides, why he needs to collect email addresses ? hes already got like billion+ valid email addresses.
just saying.

Originally Posted by ladida

Great arguments. Very valid. Keep dumping emails on the site.

Originally Posted by ladida

because it doesn't tell you anything other then breached/not breached.

Originally Posted by AdultKing

These user database dumps are becoming all too. frequent.

Check if you've been compromised on https://haveibeenpwned.com




https://koddos.net/blog/2-2-billion-...new-data-dump/

Originally Posted by Bladewire

AdultQueen licks Troy Hunt's asshole clean because he's a fellow Australian, he literally has a God complex for him.

Originally Posted by DukeSkywalker

Does this mean that the email is currently conpromised? Was at one time compromised? Or does ot mean a service that you have used with that email address was compromised. Can you do your best to elaborate please

Originally Posted by AdultKing

If you followed closely, but you don't, you'll know that in the real world I have actually disapproved of Troy Hunt and his relationship with Microsoft and I have also had a run in with Pluralsight over other issues.

Originally Posted by Bladewire

Yes that's why when I quoted the TOS you blew up and started throwing insults like a little bitch and saying what a God Troy Hunt was

If you want to continue being unsuccessful don't let verified facts get in the way of your fragile ego.

Originally Posted by Paul Markham

Not sure it it's fail safe, our bank sends us a code to our phones when we spend online. So have nothing online worth stealing.

Originally Posted by AdultKing

Incorrect, it lists the breaches and dumps that the email was found in. Fuck, at least get your facts straight before spewing your nonsensical crap..

Originally Posted by AdultKing

It checks the email address against dozens and dozens of dumps and breaches and lists which ones the email address was found in.

Originally Posted by AdultKing

There's no presumption, the site is backed by the best security researchers in the world, did you read that the very best of the best security researchers in the world.

Originally Posted by AdultKing

Fucking simple peasants on GFY. I can't believe I didn't pick up on how technologically inept most of you are here a long time ago.

Originally Posted by Konda

It tells you exactly which breach(es) the email address appears in with a background story of each breach and what details were compromised in that breach.

Originally Posted by Konda

For all my email addresses all the breaches listed are services that I actually used that email address for. It is 100% accurate, not something random as it also includes smaller breaches for lesser known services that I used.

Originally Posted by Konda

Basically all this tool does is match the email address you enter against all the breached databases and tells you if it appears in one or more of them and tells you which one(s).

Originally Posted by Konda

Then they have an additional service where you can sign up for automatic warnings for new breaches, where when there is a new breach it matches the subscribers to the email addresses in that breach and emails you if it found your email address in it.

Originally Posted by Konda

They also allow you to opt-out for breaches appearing when searching for your email address. So when someone searches for your email address it will return it was not pwned. This does not remove your email address from the databases, it just sets a flag that when that email address should return no results.

Originally Posted by Konda

That's all there is to it. It's a very basic lookup tool and notification service that is made to help people be more secure. People thinking otherwise really have no idea what they are talking about. Do you think if there was any doubt about this all the big security research sites and major news publications would constantly link to the site.

Originally Posted by ladida

It doesn't. .......

It's just a spam harvesting machine to harvest more emails. There's really not much to it. Feel free to list all your emails there and deluding yourself it's not what it is and some magical being is hoovering over your safety.

Originally Posted by AdultKing

You're so clueless I don't even know where to begin. Every concern you raised I addressed in this thread

Originally Posted by AdultKing

The only reason I can see why people would dismiss services such as Have I Been Pwned is if they had something to gain from people not being conscious of their security. People such as Brian Krebs and Troy Hunt have long been hated by cyber criminals because they shine a light on cybercrime.

Originally Posted by Smack dat

It's funny that his own email address was pwned. Some security expert lol.

Originally Posted by ladida

Brian Krebs is actually someone that does good things and not harvest emails for spam. Please dont drag the guy's name through dirt by lumping him in with your spam cock assistant. .

Originally Posted by ladida

I work on security far more then you have even thought about and know far more about these things then you do

Originally Posted by Smack dat

It's funny that his own email address was pwned. Some security expert lol.

Originally Posted by AdultKing

Brian Krebbs supports and recommends Troy Hunt's Have I Been Pnwed.

Originally Posted by AdultKing

As I said mate, you're the little village peasant.

Originally Posted by ladida

Nowhere in that 1st article he endorses the website. He just mentions it. He even goes out and says
....

Originally Posted by ladida

Brian Krebs is actually someone that does good things and not harvest emails for spam. Please dont drag the guy's name through dirt by lumping him in with your spam cock assistant.

Originally Posted by ladida

It doesn't. It just namedrops with no relevance. To actually be certain it was breached it would have to list you what it found in the supposed breach. This way you could verify it. Ofcourse it doesnt display anything close to that, and relies on faith of his suckers to think it actually does what it does (ie - you), or possibly payed shills. It's why you're foaming on your mouth because you cant prove anything. Meanwhile, there's no explanation coming why
a) random fake emails turn out as "breached"
b) email used nowhere turns out as "breached" and on sites i never visited in my life.

Keep foaming tho.

No it doesnt.
a) The check would take WAY WAY longer then it's displayed on the site
b) He doesn't have database with that many emails 100%
c) He probably never even saw 50% of the supposed breached databases as if a company discloses it had a breach, it certainly will not send a list of all the users/emails that got breached to some charlatan running a website who's cock you like to put in your mouth way too many times to be considered healthy.

Only it's not. It has you with his cock in your mouth, thats it.

Don't drown in that foam pls.

No it doesnt. It namedrops the supposed breach it had happened on, but you have 0 verification on that other then some random website telling you it did. You might as well believe in fairies and leprechauns and try to find one so it brings you luck in life. It's on par.
Do you have a plausible explanation as to why fake and non used emails appear "breached" and in sites that i didn't visit 1 time in my life, not even by accident? Just because i came and tested the site with IP that's not my own so it presumed i come from a certain country?

Yea im sure it does. There's this guy on tv that also guesses which card you imagined out of 10 random cards he shows you. Im pretty sure there's at least 100 people out of a million watching the show that he got it right. And there we have it, he has a 100 people saying he can read mind.
In reality he can't.

Basically, for this to happen he would have to have ALL of those emails in the breaches as well in his database. In reality, this is 100% not true as per reasons outlined above. Feel free to answer those questions.

Yea, opt in for spam, i know.

I also get regular spam in email that has an "opt out" link as well. Just a feature to satisfy legislature so he can harvest emails better.

It's just a spam harvesting machine to harvest more emails. There's really not much to it. Feel free to list all your emails there and deluding yourself it's not what it is and some magical being is hoovering over your safety.

Originally Posted by Konda

Don't even know how to react to all of this. You are either trolling or very very stupid.

Originally Posted by Paul Markham

Not sure it it's fail safe, our bank sends us a code to our phones when we spend online. So have nothing online worth stealing.

Originally Posted by Smack dat

It's funny that his own email address was pwned. Some security expert lol.