Email or username:

Password:

Forgot your password?
Have I Been Pwned's posts Post Back to profile
Top-level
@pndc

@haveibeenpwned You sent me a mail telling me that an address in my single-user domain was involved in this breach. Thing is, I'm not a HIBP subscriber.

The link in the email took me to a page which wanted me to subscribe to a service which costs hundreds of dollars per year to see the details because apparently you think I am an ISP because your data is extremely dirty as it contains loads of invalid addresses generated by spammers using dictionary attacks.

So I forwarded the email to abuse@sendgrid.com pointing out it was spam. Because if you're bulk-sending mail to non-customers trying to get them to pay money, that's spam.

9 October at 23:02 | Wall-to-wall | Open on social.treehouse.systems
3 comments
asteriske

@pndc @haveibeenpwned

I think you're mistaken, while HIBP has a paid service it will provide data on affected domains for free. Source: I monitor my domain for free at HIBP.

9 October at 23:22 | Open on hachyderm.io
@pndc

@asteriske @haveibeenpwned It is free until spammers have poisoned their database with more than a handful of invalid addresses at your domain when trying to guess a valid address. And then the next time you get an email notification of a breach and click through, you will encounter a paywall instead of the details of the breach.

9 October at 23:36 | Open on social.treehouse.systems
varx/tech

@pndc It's very likely that you actually signed up for (free) monitoring some years ago and simply forgot about it.

I also have a single-user domain with a catchall address and signed up for free monitoring, and yes, I did bump up over the threshold into paid monitoring at some point. But I'm still the one who asked to be notified. Pretty sure that's what happened for you!

If you only have one real address at that domain, just subscribe for updates for that one address, and unsubscribe from the domain-wide ones. Then you should never see that email again.

@pndc It's very likely that you actually signed up for (free) monitoring some years ago and simply forgot about it.

I also have a single-user domain with a catchall address and signed up for free monitoring, and yes, I did bump up over the threshold into paid monitoring at some point. But I'm still the one who asked to be notified. Pretty sure that's what happened for you!

9 October at 23:40 | Open on infosec.exchange
Go Up