[rippercushions]

It's not his idea, he's saying that there are people out there who are already (mis)using the data for this.

[jtvjan]

Sort of. He does encourage this use-case in the final paragraph.

> Applying "Pwned or Bot" to your own risk assessment is dead simple with the HIBP API and hopefully, this approach will help more people do precisely what HIBP is there for in the first place: to help "do good things after bad things happen".

[taco_emoji]

Yeah it seems clear to me that he's recommending it to be one portion of a risk assessment for a given email address.

[mike_d]

This is a common investigative technique that predates HIBP, however more people are starting to automate it now (using non-HIBP datasets). I think this combined with the new request-based pricing on the HIBP API implies he just wants to make some money off being the quick to implement 75% solution.