[manigandham]

The form on HIBP uses the same JS client hashing, you can check the HTTP requests yourself in dev tools.

Yes, the whole dataset is available. The first paragraph mentions the release of the v2 dataset and you can read the full blog post here: https://www.troyhunt.com/ive-just-launched-pwned-passwords-v...

You can get the 8.8gb file directly here: https://haveibeenpwned.com/Passwords

[aplorbust]

Thanks for the answer.

That page acknowledges the issue, which is all I was curious about:

"Getting back to the online search, being conscious of not wanting to send the wrong message to people, immediately before the search box I put a very clear, very bold message: "Do not send any password you actively use to a third-party service - even this one!""