This was first submitted 480 days ago <a href="https://news.ycombinator.com/item?id=6849057" rel="nofollow">https://news.ycombinator.com/item?id=6849057</a> and is done by well-respected security researcher Troy Hunt, a sometimes HN contributor <a href="https://news.ycombinator.com/user?id=troyhunt" rel="nofollow">https://news.ycombinator.com/user?id=troyhunt</a>.<p>The point is that the bad guys already have the stuff that he has put out there. Now you can see as well.
Interesting.<p>I tested with my gmail-account and it was reported as pwned.<p>Then I tested the gmail-account again with this service, which also shows the first two characters of the leaked password.<p><a href="https://isleaked.com/en" rel="nofollow">https://isleaked.com/en</a><p>Turns out that the leaked "gmail" password was my old password used for unimportant websites and this was never used with the gmail-account itself. So apparently one of those unimportant websites was hacked and the email/password was then grabbed. No way to tell which site that was since haveibeenhacked.com does not include that information, but instead makes it appear that the actual gmail password is/was compromised.
Some dark hat guy could use the emails collected on a site like this for targeted phishing attacks. Now that I have entered my email there, this reveals that I'm aware of these certain security incidents (the site reported that my email and some personal information had been compromised).<p>Now if somebody would approach me on this topic, they might have a chance of fooling me into giving some further details about myself.<p>The benefit from this kind of targeting would be to avoid hitting the spam filters. If they just spammed their message to random addresses, people would flag them as junk mail and good email providers would quickly filter them out.
What is more interesting is that I can see anyone who has had their accounts breached.<p>I now know that I can collect one of my friends' cell number from the Snapchat breach or that another famous person had his info leaked by Gawker.<p>(edit - punctuation)
Doh... I am on there. Anyone have a good way to find all the accounts linked to my email address? I have tried searching for<p>subject:(register | confirm email | activate | account)<p>in my Gmail account. Anyone have a better way?
Interesting case of suggestion bias... when faced with such a website name, you are reluctant to give out your email which you would do when signing up to some other site. Except...<p>1) This site asks for the email address that you CARE about<p>2) It specifically has people self select for caring about being pwned<p>Therefore it IS more dangerous.