"this is a common password."
@mirabilos @shlee They might be (hopefully are) using k-Anonymity with HIBP, which would be ok
https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/
Last August, I launched a little feature within Have I Been Pwned [https://haveibeenpwned.com/] (HIBP) I called Pwned Passwords [https://www.troyhunt.com/introducing-306-million-freely-downloadable-pwned-passwords/]. This was a list of 320 million passwords from a range of different data breaches which organisations could use to better protect their own systems.
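The k-anonymity lookup mentioned in the reply above, as an added example that is not part of the original post or of HIBP's own code: the client sends only the first five hex characters of the password's SHA-1 hash and matches the remaining 35 locally. `FakeRangeService`, its counts and the decoy line are constructed so the sketch runs offline; the `SUFFIX:COUNT` response format is assumed to match the Pwned Passwords range endpoint.

```python
import hashlib

def split_hash(password):
    """SHA-1 the password; return (5-hex-char prefix, 35-hex-char suffix)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range(body):
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}, skipping malformed lines."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password, fetch_range):
    """Return the breach count; only the 5-char prefix is passed to fetch_range."""
    prefix, suffix = split_hash(password)
    return parse_range(fetch_range(prefix)).get(suffix, 0)

class FakeRangeService:
    """Constructed offline stand-in for the range endpoint (hypothetical data)."""
    def __init__(self, corpus):
        self.buckets = {}
        self.seen = []  # everything the "server" ever learns about a query
        for pw, count in corpus.items():
            prefix, suffix = split_hash(pw)
            self.buckets.setdefault(prefix, {})[suffix] = count

    def fetch(self, prefix):
        self.seen.append(prefix)
        lines = [f"{s}:{c}" for s, c in self.buckets.get(prefix, {}).items()]
        lines.append("0" * 35 + ":3")  # constructed decoy sharing the bucket
        return "\r\n".join(lines)

def demo():
    svc = FakeRangeService({"password": 1000, "P@ssw0rd": 50})  # constructed counts
    hit = breach_count("password", svc.fetch)
    miss = breach_count("correct horse battery staple", svc.fetch)
    return hit, miss, svc.seen

if __name__ == "__main__":
    print(demo())
```

A site showing "this is a common password" can work this way without the password or its full hash ever leaving the client; swapping `svc.fetch` for a real HTTP GET of the range endpoint is the only change needed.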