[the1]

http://www.scribd.com/password/check thank you for this. now I can run a list of emails against this to see who has scribd account

[dopamean]

I just put in a bunch of fake email addresses and they all returned with "Good news - your password has not been compromised." I think the only confirmation that youd get of an existing account is if the password was compromised.

[the_french]

They can modify it to simply say whether your account was compromised, regardless of whether you have an account (ie, if no account -> not compromised).

[wuest]

...Which they ought to do. Offering the ability to enumerate user accounts is unlikely to be the immediate goal of this utility, but it's an effect nonetheless.

[lelandbatey]

30 minutes later and it's fixed. Entering an invalid email also results in a "this email was not compromised" message.

[yahelc]

That's what they're doing. "aijaspijasohisaho@asoihdshohdusudhs.com" gets a message saying that that account wasn't compromised.