Why are bad actors abusing the API? What benefit does it give them to just be able to check for leaked data on e-mail addresses? Especially when it doesn't actually provide the leaked data...
Assume I find Anna's email address as part of a breach somewhere.
Hello Anna,
We value transparency and honesty highly at $p0wn3d_company. To that end, we're sorry to have to tell you that our systems were compromised by an unknown hacker recently. Although we believe that no personal data has been stolen, we are working with Government agencies and expert security consultants to determine the full extent of the breach.
As a precaution we are asking our customers to change their passwords, which you can do by clicking on >this link here to a website that looks like ours but is actually owned by a hacker<.
AFAIK from looking myself up on the website before it tells which breaches to go hunt down for the actual info. Knowing they need to go hunt down the SpecificWebsite.com's March 2017 breach is way more specific than trying to have a database of all breaches.
Assume I find Anna's email address as part of a breach somewhere.
Hello Anna,
We value transparency and honesty highly at $p0wn3d_company. To that end, we're sorry to have to tell you that our systems were compromised by an unknown hacker recently. Although we believe that no personal data has been stolen, we are working with Government agencies and expert security consultants to determine the full extent of the breach.
As a precaution we are asking our customers to change their passwords, which you can do by clicking on >this link here to a website that looks like ours but is actually owned by a hacker<.
Etc.