Troy HuntNov 6
This has been an extraordinary set of data to process: 1.3B unique passwords, 2B unique email addresses (including mine 😭) and almost 3M of our @haveibeenpwned subscribers in there. It’s been weeks of processing to get this loaded, and finally, it’s done https://www.troyhunt.com/2-billion-email-addresses-were-exposed-and-we-indexed-them-all-in-have-i-been-pwned/
2 Billion Email Addresses Were Exposed, and We Indexed Them All in Have I Been Pwned

I hate hyperbolic news headlines about data breaches, but for the "2 Billion Email Addresses" headline to be hyperbolic, it'd need to be exaggerated or overstated - and it isn't. It's rounded up from the more precise number of 1,957,476,021 unique email addresses, but other than that,

Troy Hunt
Show threadCamFlyerCHNov 6
@troyhunt @haveibeenpwned Oh no! I got mails....
Show threadrastilinNov 6

@CamFlyerCH @troyhunt @haveibeenpwned

At this point isn't it just noise? Unless it can tell me which passwords have been leaked, or if any passwords are leaked at all, there's no point in this warning. For example I already know my email is out there and has been for over a decade due to breach after breach after breach. So.

Show threadRado
@rastilin @troyhunt @haveibeenpwned
That's exactly what I thought. I didn't have notifications turned on and my old address popped up. It is associated with dozens of passwords. I know there is the password check on haveibeenpwnd, but trying them one by one ... is probably not the best approach. It is on my personal domain so maybe that would reveal the email/pwd pairs or allow me to check specific passwords? Or is the paid API the only way - can anyone confirm?
Nov 6 at 10:25amWeb
Show threadTroy HuntNov 6
@rado @rastilin @haveibeenpwned that’s all covered in the blog post folks, and all of Pwned Passwords is free and open source
Show threadRadoNov 6
@troyhunt @rastilin @haveibeenpwned Thank you for kicking me hard enough to read it through until the end - was definitely worth it 🙂
Show threadTroy HuntNov 6
@rado @rastilin @haveibeenpwned 👍