Talk:Have I Been Pwned?

Thoughts on primary sources
At this moment, three of the six references for this article are primary sources -- specifically, posts from the blog of Troy Hunt (HIBP creator). This looks like an issue, but actually, these sources are primarily for verifying trivial information. One of them verifies the precise site launch date, one of them verifies the month when pastebin monitoring was added, and one of them verifies that AdultFriendFinder was also marked as a "sensitive breach" at the same time as Ashley Madison. These facts are so trivial that I think they could probably go without any citation at all (because simple uncontested facts often don't need sources), but those blog posts are somewhat significant to the history of HIBP, and I think a reader might find value in being able to easily reach them from this article.

Anyway, that's just my two cents on why this article has such a high percentage of primary sources, and why I don't think it's necessarily a bad thing. I welcome any debate about this though (this is a talk page, after all). Cheers, Iago Qnsi  (talk) 15:10, 21 March 2016 (UTC)

Premature Good Article nomination
I just noticed that this had been nominated for Good Article status. To my eye, and based on the GA criteria, this is far from what Wikipedia objectively considers a Good Article. It would be assessed at Start Class, perhaps C-class (see WP:ASSESS). I would like to suggest that the nomination be withdrawn (just delete the template from this page). Thank you. BlueMoonset (talk) 17:17, 4 April 2016 (UTC)
 * Sorry, IagoQnsi, I should have pinged you when posting the above. My apologies. BlueMoonset (talk) 22:20, 4 April 2016 (UTC)
 * Thanks Blue, I'll work on improving it. Cheers, Iago Qnsi  (talk) 00:08, 5 April 2016 (UTC)

Move article (to Have I been pwned?)
Have I been pwned? themselves write Have I been pwned?, not Have I Been Pwned?, as seen on their website and their social network accounts. I can change the article content, but cannot move the article to Have I been pwned? 185.189.112.78 (talk) 18:07, 7 October 2017 (UTC)
 * I have reverted this title change per MOS:CT. We could perhaps add a note in the lead section that the title is styled "Have I been pwned?" or "have i been pwned?", but the title should remain capitalized as "Have I Been Pwned?". - Iago Qnsi (talk) 19:42, 8 October 2017 (UTC)

Article Misleading and Inaccurate
There are some major flaws to both 'Have I been Pwned' and this article.

The article states:

1) "is a website that allows internet users to check if their personal data has been compromised by data breaches"

2) "allows users to search for their own information by entering their username or email address."

3) "The site has been widely touted as a valuable resource for internet users wishing to protect their own security and privacy"

Some major issues arise from these lines of text

a) It is actually a website that allows internet users to check if anyone's personal data has been compromised by data breaches

b) the site is therefore in fact a huge danger to those contained within it and effects their security and privacy negatively

Hackers leverage information from the site in order to locate where a target victim's information can be found. Given that the site allows anyone to search for anyone elses information this is a major security flaw.

Some hacking software even allows this to be done automatically.

For instance if a hacker wants to acquire the password for johndoe@gmail.com they can enter that information into the search bar... and they (despite not been John Doe) are furnished very easily and cheaply with the location of John Doe's password credentials and can within only a few minutes access that information.

The site is very obviously a threat to everyone's security and privacy and mention should be made of this along with the inaccuracy corrected that the service is only used by the general public to search for their own information.

There are numerous references to back up my claim that this flaw is been taken advantage of. Such as: https://null-byte.wonderhowto.com/how-to/find-hacked-accounts-online-part-1-haveibeenpwned-0164611/ Which directs users to "f you are searching for a specific email address try the regular search on haveibeenpwned otherwise if you just want get your hands on any hacked accounts just open Latest Pastes page on haveibeenpwned. https://haveibeenpwned.com/Pastes/Latest. This page lists various pastes online which contain email addresses and passwords. Just click on the paste and voila you'll get loads of information. "

Other articles detail software that hackers can use to automatically check hundreds of accounts (none of which will be their own) to nefariously acquire the account's password for illegal purposes. — Preceding unsigned comment added by Uche Tobias (talk • contribs) 14:32, 1 September 2019 (UTC)

I found 2 similar URLs
The page "*';--have i been pwned?"

Probably the "original" page is https://haveibeenpwned.com/

and an almost identical address https://havelbeenpwnd.com/ - an "L" instead of "i" - an "e" is missing from pwnd — Preceding unsigned comment added by 212.51.136.62 (talk) 23:00, 22 December 2021 (UTC)