@Edent It’s possible to do this slightly more cheaply (if you have a list of all the catch all addresses you’ve used) by querying the API, slowly, one-by-one for each address. Not ideal though.

@Edent 5yrs ago I tried to run and search the databases on my own service. I now know that this service is incredibly expensive to run. Still you have a point on that one. But I guess that’s what you pay for convenience. 1Password and others would monitor your individual addresses if stored in a vault.

@neil @Edent I had a notification too (and do pay, but only because I was caught by this last time).

The Synthient one seems to be an amalgamation of other lists, so odds are whatever email address is affected is one that you'd already have known about through HIBP (the ones flagged on mine were all involved in earlier breaches)

Which *does* mean that subscription feels lower value this morning 😀

@Edent
HIBP has an API service that quite a few applications use but I would imagine it's rate limited for non-paid use.
@Waf @neil

@Waf @neil
Interesting. BitWarden does something similar, but I think you have to manually check each email - it doesn't do catch-all scanning.

Mind you, it has just shown me 60 exposed passwords 😱

@Edent @neil TBH I'm mot sure how useful the service is. I mean, yes it tells me that my email address is in a bunch of breaches, but it doesn't seem to me like there is much I can do to respond?

@neil @Edent that’s more than twice as expensive than the Watchtower service provided with 1Password subscription which scans all you creds for compromises (in a way I am assured is privacy preserving) using HIBP, and it does so using your email provided by the service—so every catch all email instance you’ve manifested gets checked.

I’m impressed it’s that pricy.

@neil yeah, that's what made me look.
It isn't a *hard* upsell. But it basically says "you're on the free plan so can only see how many breaches there were."