Hacker News new | ask | show | jobs
by leafstrat 1176 days ago
Interesting, never thought about doing that. There is certainly potential for abuse if not verifying ownership of the account being looked up. Browsing their releases here; https://haveibeenpwned.com/PwnedWebsites

There are two pornography websites, YouPorn and xHamster. Worse than that, Fridae, Fur Affinity, and Fling which could be classified as fetish focused.

>In May 2016, the Fur Affinity website for people with an interest in anthropomorphic animal characters (also known as "furries") was hacked.

>In May 2014, over 25,000 user accounts were breached from the Asian lesbian, gay, bisexual and transgender website known as "Fridae".

>In 2011, the self-proclaimed "World's Best Adult Social Network" website known as Fling was hacked and more than 40 million accounts obtained by the attacker.

Gambling websites, hacking websites, and a few gun ones. Three hobbies that people may like to keep private, and might influence hiring decisions.
1 comments
r721 1176 days ago
Haveibeenpwned.com's owner (Troy Hunt) marks some breaches as sensitive, and you can't check email addresses for inclusion in them without an access to email itself.

"What is a "sensitive breach"?

HIBP enables you to discover if your account was exposed in most of the data breaches by directly searching the system. However, certain breaches are particularly sensitive in that someone's presence in the breach may adversely impact them if others are able to find that they were a member of the site. These breaches are classed as "sensitive" and may not be publicly searched.

A sensitive data breach can only be searched by the verified owner of the email address being searched for. This is done via the notification system which involves sending a verification email to the address with a unique link. When that link is followed, the owner of the address will see all data breaches and pastes they appear in, including the sensitive ones.

There are presently 49 sensitive breaches in the system including Adult FriendFinder (2015), Adult FriendFinder (2016), Adult-FanFiction.Org, Ashley Madison, Beautiful People, Bestialitysextaboo, Brazzers, Carding Mafia (December 2021), Carding Mafia (March 2021), CrimeAgency vBulletin Hacks, CTARS, CyberServe, Doxbin, Emotet, Fling, Florida Virtual School, Freedom Hosting II, Fridae, Fur Affinity, Gab and 29 more."

https://haveibeenpwned.com/FAQs#SensitiveBreach

link