All I care about is our cards being scammed. Had it happen with my Epassport card back in the day. Fuckers took $1,000s before I noticed.

https://krebsonsecurity.com/2013/06/...email-account/

I hope your peasant mind can understand the risks of being compromised beyond a credit card. :2 cents:

I have nothing to read there. He lists it because it's just a resource someone out there put that supposedly does something it doesn't. Keep chugging your emails into the spam base.
The usual response when someone has no factual response. You have adopted the logical fallacy route adult king so easily wants to go with. You go girl.

You got Pwned peasant.

Brian Krebs recommends and links to HIBP in several articles, they appeared together at a security conference last year discussing HIBP and countless respected security researchers attended that conference.

Now all this stares you in the face, the fact that you trust Brian Krebs but won't trust a service he recommends demonstrates clearly that you are the stupid peasant I called you out to be early on in this thread.

The world doesn't need peasants like you.

Like talking to a little child that plugs his ears and keeps rambling "i win i win" :)

I present facts, you ignore them because you have no answer. If you actually knew anything about anything you'd see how stupid and unanswerable some of the questions presented to you are, and possibly, start thinking with your head, not that cock in your mouth you can't get enough of.

Ladida is a little faggot like that...he got brain damage from following my tades in another thread and now he is confused...his brain is trying to reboot...the last thing he remembers is making fun of my beautiful charts...then he woke up with a spent butthole...

Answer this simple question, do you trust Brian Krebs?


Tony Murray - National Protect Officer, NCO of the London Police just Tweeted in support of Troy Hunt & HaveIBeenPwned.

National Coordinator’s Office. #Fraud & cybercrime prevention advice. #Tell2 and keep communities informed & safe.

https://twitter.com/CityPoliceTell2/...30625080840192

Can't argue with stupid. Factual response? Everyone who knows a little about the internet and security knows how that site works and what it does. If you really believe what you write then I feel very sorry for you.

HaveIBeenPwned keeps subscribers emails after they unsubscribe via SendGrid and SendGrid TOS specifically authorizes them to share data to 3rd parties.

Inconvenient facts for your agenda

Sendgrid blurts out OWN customers' email addresses with no help from hackers

SendGrid admits hack, says all customers must reset their passwords

You've got a solid boner for Troy Hunt because you are both Australian but facts are facts :2 cents:

SendGrid: Employee Account Hacked, Used to Steal Customer Credentials — Krebs on Security

Although I don't agree with most of your posts I did honestly think you were smarter than this.

What does SendGird has to do with the way HaveIBeenPwned works.

HaveIBeenPwned only uses SendGrid as their outgoing mail provider for the people that subscribe to get notifications when a new breach is found.

SendGrid is a service that you can use to send out your emails to have better deliverability, we also use them for our emails to customers that subscribe to our sites so that it doesn't end up in their spam folder and so do some of the world's biggest online companies like Uber, Spotify, AirBnB.

SendGrid does not (and can not) send out emails to your lists nor sell it to third parties. The part of the terms you referred to in an earlier post mentions they can only use unidentifiable data (for example like how many emails are being send, how many emails to certain providers etc.).

The hacks you refer to above are about their b2c clients, nothing to do with end users' email addresses. It's a huge company that had some hacks in the past, just like most other big online companies experience at some point. It has nothing to do with HaveIBeenPwned or the way they work.

HIBP does not keep subscription email addresses, it keeps breach email addresses. If you unsubscribe from the notification service then you're taken off the SendGrid list.

In this thread you have conflated the emails held in the HIBP database and the subscriber database for people who want to be notified about future breaches by HIBP.

You're also misunderstanding the application of the SendGrid Terms of Service as they apply to information and email addresses used by a SendGrid subscriber.

SendGrid is one of the most renowned and respected subscription email services in the world, Troy Hunt needs to use something, would you prefer he use MailChimp?

Bladewire, I probably agree with more of what you say than you realise but on this one you are way off base.

Bro, i thought we're cooler then this. You and me, ballin' on our imaginary islands spending imaginary wealth? Wadup what happened?
Discussion doesn't go like that. You first got asked questions, you can't just ignore them and ask me counter questions. I can start answering questions once you answer my "simple" questions. Untill then, keep feeding emails into the spam base.
Surely you can't. No answers, just more ad hominems, appeals to authority, red herrings and what not without any actual proof of anything. Keep chugging that spam.

Ask any question that hasn't been addressed in this thread.

You've got Brian Krebs, the head of the National Coordinator’s Office of London Police Anti Cybercrime unit, hundreds of the worlds best security researchers and I all telling you Troy Hunt is legit and HaveIBeenPwned is legit, yet you continue to say it isn't.

The only reason I can think of for you trying to throw shade on a well respected security researcher and his services is that you benefit from this service not existing.

No answers to these.
1. With trillion of emails he supposedly has in his database, how is his search going so fast? If you've ever dealt with such big numbers in a db, you'd know it would take a little longer then 1 second to throw if it's breached or not and list in which breaches it had happened. This first throws its not actually checking among that many searches (if any at all)
2. Why does it throw absolute fakes as "breached".
3. Why did it list my email as used in several breaches, amongst which are sites that i hadn't had visited ever in my life. Think of it like this. US guy that doesnt know russian or chinese checks his email and shows it as "breached" in vk.ru or some chinese website he never even heard of?
4. Many of the breaches listed on his website have never been public. They were just "company X announces it had a breach and sent emails to all concerning accounts to change their password". Knowing that, who in their right mind would then send a complete list of breached accounts, along with emails to some random nobody that runs "haveibeenpwned.com" that same list because there's no way on earth he could get a hold of it other way. Not only would that be illegal for the said company and they could be sued for sharing your details with a random nobody, they would also knowingly further endanger their business.

Let me know when you can chew this through your brain.

I run a search engine with 10 billion+ pages indexed, search results returned in less than 1 second.


Because hackers pad out their dumps with fake email addresses, read back in the thread for the full explanation of why.

Because someone has used your email to sign up for those services when you were breached in another compromise.

Every breach in the HIBP database has been made public. :2 cents:

Anything I missed?

Why do the London Police, US Government, Brian Krebs, the best of the best security professionals trust HIBP and not you? What do you have to gain by shitting on a perfectly legitimate service?

You enter your email address & subscribe to be notified of a breach.

Your email, that you added, is not deleted from their email database when you unsubscribe to be notified of a breach, this is stated on their site in their TOS.

I realise this :) We're on the same team. We're butting heads on this small inconsequential issue because we can be stubborn and precise. It's a gift & can be a weakness :2 cents:

This is not an answer. I have no idea what you run or what does your "search engine" consist of. His database however consists of full email data, along with at least a breach and where it had happened to cross reference it. He literally, supposedly, goes through billions of emails on every search and brings back results in a second? Yea, not happening.
Chances of us hitting the exact fake email are smaller then me winning the lotto. I do play it, i've yet to win it. This is again a no answer.
Again no answer. They can't use my email because
a) i would get a notification from said service that my email was registered there
b) there's no incentive for them to use it if they have no access to it.
Not it has not. They have been made public as previously stated, "this and this comapny announced it had a breach". They however, did not disclose the data that was taken and made it publicly available.
Anything you answered that was remotely plausible? You might as well go and talk about how earth is flat. Arguments are smilar.
"what about satelite images" - your answer would be "faked", without any proof what so over. That's basicaly how you answered my questions.
They don't trust it, you are again twisting facts. They have mentioned it as a resource, because well, it's out there. Neither of those mentioned above have actually looked if the said person has and does what he says it does. If US president is at a dinner party with a guy that murders his wife in next few days, does that mean he condones the murders and the murderer? No it doesn't.
The same is with this website. Just because the guy put the website out and they mention it doesn't mean anything more then just that, a resource they link to. However, that doesn't make it less of a spam dump then it is.

Expected answer.

Fuck off peasant, you've proved you don't know anything.

Haha, yea, that's the next stage of denial. Getting angry. I know you're payed to post bullshit, but at least try to stay calm while doing so and avoid personal involvement into things that are beyond your comprehension.

So now HaveIBeenPwned is a spam email harvesting operation AND I am paid to post on GFY?

:upsidedow

You act as if that's something mutually exclusive. If i add sun is hot, will you make another payed post with "so now hibp is spam email harvesting operation, i am paid to post and sun is hot" ?

Yea, both of those counts are correct. Doesn't take much to see both. First is proven already, and your paid postings, well, im here long enough to spot when someone comes and goes, and your posts are noticed only when you were paid to post against piracy, then paid to post for piracy (something along those lines, the posts were boring so i hardly read them) but it was something along Nathan and mansef is the worst scum to best chaps in like few months. Then you dissapeared and your whole agenda about piracy fight, and then again started posting random 10 posts a day few months a go.
So yea, paid shill.

:1orglaugh :helpme

Ramp up that 10 a day post count. Gogogo.

Just so it's perfectly clear retard, I am not paid to post anywhere. Why would I bother?

My company has two nicks on this forum, one joined in 2002 and this one in 2003.

The other nick has not been used in years and when used is used by my assistant.

I have posted on and off on GFY since the middle of 2003.

In that time I have done a lot of things, owned pay sites, built software, developed search engines, run TGP, Blogs, Tubes and other stuff.

The reason I have periods where I don't post is because I am busy doing other things that interest me, such as spending time in my studio, or going on vacations, or travelling in the bush or just can't be bothered dealing with morons like you.

If that were the case, you wouldn't have stupid rambling posts about nonsensical things. That is, well, untill you strike a deal to have someone pay you to post then you go whack at it. Keep chugging little engine and try to keep emotions out of it. It's just business. They dont care what you post, so long as you post.