[jawns]

I wish the post made more clear, ideally right at the top, that the new fee applies only to third-party apps that access the HIBP API, not to end users whose email addresses are being checked against the API. You have to read through the post a bit before that becomes clear.

Individual users who just want to figure out whether they've been pwned will not have to pony up the cash. They can still visit https://haveibeenpwned.com and get that information for free.

[pixelbath]

Perhaps it could be made more clear, but from the post I thought it was very apparent he was only talking about API abuse; most of the introductory text was concerning rate-limiting.

[nathan_f77]

It would also be great to emphasize that this only applies to the HIBP API, and the Pwned Passwords API will still be free. (It's mentioned about half-way through the article.)

[Glyptodon]

I completely missed this because of skimming. Almost jumped the gun on subscribing. Use the pwned password API a lot. (I use the email-based one not at all.)

[jrochkind1]

Hm, I didn't actually realize there was a separate Pwned Passwords API. Having trouble finding docs on it (could be becuase I'm a horrible googler).

[bpye]

Pwned Passwords is detailed towards the bottom of the API page - https://haveibeenpwned.com/API/v3

[_8j50]

Domain wide breach searches for a domain you control still appears to work for free as well.

[denzil_correa]

Bury the lede.