Post · bonfire.cafe

Bloody hell! If you have a personal domain name for a catch-all email address, it'll cost you £170 to monitor it on Have I been Pwned.

Probably reasonable if you're a business, but a bit out of reach for domestic use.

(No need to snitch-tag.)

Pwned 2
50RPM
$220
per year

50 email searches per minute
Up to 100 breached email addresses per domain — Pwned 2 50RPM $220 per year 50 email searches per minute Up to 100 breached email addresses per domain

Terence Eden

@Edent@mastodon.social replied · 2 weeks ago

If you use #BitWarden, please upvote this feature suggestion.

https://community.bitwarden.com/t/reports-catch-all-email-address-check-in-data-breach/90622

It will make it easie to report on which of your email addresses and usernames have been leaked.

Owen Blacker

@owenblacker@dataare.cool replied · 2 weeks ago

@Edent That's been merged into a related issue: https://community.bitwarden.com/t/data-breach-report-should-search-against-all-email-addresses-used-in-vault/16634

But apparently I don't have voting privileges yet, as a new user :(

But yes, definitely this, please. Other friends please go vote :)

Peter Upfold

@PeterUpfold@fosstodon.org replied · 2 weeks ago

@Edent It’s possible to do this slightly more cheaply (if you have a list of all the catch all addresses you’ve used) by querying the API, slowly, one-by-one for each address. Not ideal though.

Anselm Hannemann

@helloanselm@mastodon.social replied · 2 weeks ago

@Edent 5yrs ago I tried to run and search the databases on my own service. I now know that this service is incredibly expensive to run. Still you have a point on that one. But I guess that’s what you pay for convenience. 1Password and others would monitor your individual addresses if stored in a vault.

Ben Tasker

@ben@mastodon.bentasker.co.uk replied · 2 weeks ago

@neil @Edent I had a notification too (and do pay, but only because I was caught by this last time).

The Synthient one seems to be an amalgamation of other lists, so odds are whatever email address is affected is one that you'd already have known about through HIBP (the ones flagged on mine were all involved in earlier breaches)

Which *does* mean that subscription feels lower value this morning 😀

Simon Greenwood

@simon@gotosocial.grnwds.uk replied · 2 weeks ago

@Edent
HIBP has an API service that quite a few applications use but I would imagine it's rate limited for non-paid use.
@Waf @neil

Terence Eden

@Edent@mastodon.social replied · 2 weeks ago

@Waf @neil
Interesting. BitWarden does something similar, but I think you have to manually check each email - it doesn't do catch-all scanning.

Mind you, it has just shown me 60 exposed passwords 😱

Steve Hill 🏴󠁧󠁢󠁷󠁬󠁳󠁿🇪🇺

@steve@mastodon.nexusuk.org replied · 2 weeks ago

@Edent @neil TBH I'm mot sure how useful the service is. I mean, yes it tells me that my email address is in a bunch of breaches, but it doesn't seem to me like there is much I can do to respond?

data af

@Waf@dataare.cool replied · 2 weeks ago

@neil @Edent that’s more than twice as expensive than the Watchtower service provided with 1Password subscription which scans all you creds for compromises (in a way I am assured is privacy preserving) using HIBP, and it does so using your email provided by the service—so every catch all email instance you’ve manifested gets checked.

I’m impressed it’s that pricy.

Terence Eden

@Edent@mastodon.social replied · 2 weeks ago

@neil yeah, that's what made me look.
It isn't a *hard* upsell. But it basically says "you're on the free plan so can only see how many breaches there were."

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.0 no JS en

Automatic federation enabled