Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

So basically if I put somebody's email address I could know the sites they have logged in in the past?

And then I can use the leak and get access to their account? Shouldn't this information be mailed to the email address queried rather than displaying upfront



It’s already publicly available in the dumps Mozilla are searching on your behalf. They’re only making a front end to already public info.


As topranks mentioned, all this data is already available and anyone could download it.

However, in most leaks, you can't just use the information as the passwords are (hopefully) hashed/salted. That said, it is trivial to crack md5 if passwords are stored using that method.

Also, not all leaks contain passwords, some might just be lists of email addresses or other information.


This is about making is easier to attack a particular person, but privacy concern. Breaks the anonymity on internet.


The companies that were responsible for the data in the first place are ones to blame for breaking "the anonymity on internet".

Anything that anyone does after the fact is moot.


This is a fair point and it has to be weighed against the value of the data to the individual. I generally feel they have struck the correct balance but if you think different approach is warranted you should explain it and why it better balances these different needs.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: