by WhereIsTheTruth 1032 days ago
This kind of data shouldn't be accessible by people who do not own the email address..
2 comments

Why?

Also HIBP has a "domain search" for sysadmins: https://haveibeenpwned.com/DomainSearch

If you just want to check if the passwords of users of your service have been breached, there is a separate API for that: https://haveibeenpwned.com/API/v3#SearchingPwnedPasswordsByR...

People who create/release dumps that these tools check tend not to be too focused on account security....
C'mon, there is a difference between breaching into servers and leaking/selling people's data and intentionally making all of that public and accessible through a public API

Give me your email address and I can know your name + address + phone number + history of old passwords + browsing history and more personal data

But who am I to care about that kind of thing, screw people, right

Yeah let's give the bad guys all the ease of use while we put up obstacles for legitimate users
You misunderstood, I'm not against this service, I'm against making the data available to people who do not own the email address, big difference that people don't seem to understand over here

Which explains the lack of care for privacy and security in the west, boy 2024 will be fun..

Privacy washing is a thing apparently