[HN Gopher] Have I Been Pwned 2.0 is Now Live
___________________________________________________________________
Have I Been Pwned 2.0 is Now Live
Author : LorenDB
Score : 102 points
Date : 2025-05-19 21:37 UTC (1 hours ago)
(HTM) web link (www.troyhunt.com)
(TXT) w3m dump (www.troyhunt.com)
| mNovak wrote:
| Is there a term for this trend in web design, with defaulting to
| dark mode and having slick gradients everywhere?
| aetherspawn wrote:
| I think GitHub kinda did it first on their desktop home page,
| but that has been out for years.
| MarcelOlsz wrote:
| I feel like that was a subtype within the style that Stripe
| popularized.
| kevinsundar wrote:
| It was first popularized by Linear
|
| https://medium.com/design-bootcamp/the-rise-of-linear-style-...
| standardUser wrote:
| It shows you a vertically scrolling timeline (with logos and
| blurbs) of all the data breaches that have exposed your email.
| How delightfully horrifying.
| MattSayar wrote:
| Makes me feel a little powerless. The only thing I can really
| do is freeze my credit
| SLWW wrote:
| what?
|
| Why not just use different passwords for different things?
| I'd recommend something like privacy.com so you can generate
| a bunch of one-use cc cards when doing shopping on sites you
| don't trust and the like.
|
| Also don't willingly give up valuable personal information
| unless it's absolutely necessary, it's also not illegal to
| give online services outright false information (incorrect
| birthdates for example) which, in the event of a future data
| breach of that service, now at least those who would plan to
| benefit from your personal information might have some
| difficulties resetting important accs and the like.
|
| You just gotta be smart, it's not about being powerless, HIBP
| and the service is just one tool to make you aware of what's
| out there before it gets used against you. (I would highly
| recommend setting up notifications for important e-mail
| addresses)
| rasz wrote:
| Uncaught (in promise) Error: Invalid response from fetch: 401 -
| at emailSearch.ts:295:19 at async
| HTMLButtonElement.<anonymous> (emailSearch.ts:43:23)
| dsissitka wrote:
| > But now it's on a timeline you can scroll through in reverse
| chronological order, with each breach summarising what happened.
|
| Maybe I'm reading it wrong but it looks like it might be a little
| off. I get:
|
| - October 2013
|
| - June 2008
|
| - ...a bunch more...
|
| - November 2021
|
| - December 2020
| AdamH12113 wrote:
| Amazing that even within the last decade a site as large as
| LinkedIn could be storing unsalted passwords. How does anyone
| fail at this in the modern era?
| mschuster91 wrote:
| > How does anyone fail at this in the modern era?
|
| Most probably some ancient legacy mainframe or whatnot other
| integration that nobody really has the time and budget to clean
| up and migrate to something more modern.
|
| The larger the company, the larger the risk for ossification of
| anything deemed "business critical" because even a minuscule
| outage of one hour now is six if not seven figures worth of
| "lost" time.
| fwip wrote:
| LinkedIn isn't old enough to have anything ancient. It was
| launched in 2003, and even then you'd get laughed at for
| suggesting storing passwords in plaintext.
| korm wrote:
| They must have not asked enough Leetcode Hard questions in
| interviews.
| Svoka wrote:
| I am stealing this. Made my day :)
| 85392_school wrote:
| Does anyone else feel like the new design feels less trustworthy?
| I've probably just been conditioned on too many templates that
| all look the same, and there's nothing inherently wrong with it,
| yet it makes me wonder if I've accidentally opened a ripoff
| instead of the real thing.
| pocketarc wrote:
| No, I agree. This new version looks like someone using a cheap
| template with cheap gradients (I don't know how else to
| describe the gradients), and it immediately makes it look less
| trustworthy.
| ryandrake wrote:
| Yeah, there is something about that very common visual pattern
| that subjectively makes me think "yet another exploitative
| modern website that looks like it's harvesting E-mails for a
| newsletter or shady leadgen business."
| nipperkinfeet wrote:
| Too much scrolling. I prefer the old page.
| gpi wrote:
| Feels like doom scrolling
| mslev wrote:
| The new design looks great, and I always love following Troy's
| updates (although sometimes with semi-morbid curiosity).
|
| I do find the timeline to be a little confusing - it seems to be
| ordered from earliest breach to most recent, but the dates on the
| timeline don't match that, as they seem to be when the data was
| leaked?
|
| Display: breach date Ordering: breach published date?
|
| I think it might be clearer to order + display the published
| date, and in the cards themselves show the breach date in a
| standard way.
| CobrastanJorji wrote:
| Very cool.
|
| Small bug report: I've been pwned a few dozen times, and my
| timeline is not in calendar order. I see Adobe (October 2013),
| then LinkedIn (May 2012), then Dropbox (June 2012), then Lastfm
| (March 2012), then some 2016 ones, then Kickstarter in 2014, and
| then after that they start being more in order of the listed
| dates.
| neilv wrote:
| He should partner with a law firm, for class action lawsuits, for
| every breach due to negligence (which is probably all of them).
|
| Tie in to a banking service, so you can do direct deposits to
| many millions of people, every time there's new settlements paid,
| and you'll be a folk hero.
|
| Get lawyers who want negligent companies to actually regret the
| breaches, with judgements that hurt. (Rather than a small
| settlement that gets lawyers paid, but is only a small cost of
| doing business, which is preferable to doing business
| responsibly.)
|
| Optional: Sell data of imminent lawsuits, to an investment firm.
|
| Though, ideally, investors won't need this data, since everyone
| will know that a breach means a stock should take a hit. Isn't
| that how it should be?
| charcircuit wrote:
| This new design no longer links to the pastebins you were
| included in.
| tech234a wrote:
| I regularly use plus codes on my email addresses when I sign up
| for services, is there a way to search for an email address and
| all associated plus codes? Last I checked I couldn't find that
| functionality.
| jsheard wrote:
| If you use a custom domain, in the dashboard you can claim the
| whole domain and see every breach for every address under it.
| Otherwise I don't think so.
| Buttons840 wrote:
| A lot of companies I've never heard of before are leaking my
| data. :(
|
| Can we make it so that companies I've never heard of before don't
| have my data in the first place?
___________________________________________________________________
(page generated 2025-05-19 23:00 UTC)