Hacker News new | ask | show | jobs
by the_french 4823 days ago
They can modify it to simply say whether your account was compromised, regardless of whether you have an account (ie, if no account -> not compromised).
2 comments
wuest 4823 days ago
...Which they ought to do. Offering the ability to enumerate user accounts is unlikely to be the immediate goal of this utility, but it's an effect nonetheless.
link
lelandbatey 4823 days ago
30 minutes later and it's fixed. Entering an invalid email also results in a "this email was not compromised" message.
link
yahelc 4823 days ago
That's what they're doing. "aijaspijasohisaho@asoihdshohdusudhs.com" gets a message saying that that account wasn't compromised.
link