Translation: We don’t actually want to keep spending time, money, and resources on this.
This is one where I don't blame them for killing it because "it" wasn't really even a product -- it was just a very basic, not useful at all, report.
I have a common name Gmail account. The password is rather complex and I would be surprised if it leaks as only I and Google know it. However, I would get reports that it’s on the dark web with blanked out password values. So I never knew if they actually compromised or just something else.
They would also report when some random site that used my Gmail address as user id was on the darknet that I don’t care about. I don’t care if my fidofido account is leaked. I never use it and if I did, then I would reset.
I think if the data were useful Google would have kept this up.
I bet they keep tracking though, just keep the reports internal.
The worst part is, it was an email address I hadn't used in about 10 years, and they wouldn't let me take it out of the report.
There are tens of services where I'd like it disposable, but hundreds of services where account is warranted. And some of those thousands will be compromised some day.
What are the common two-letter first or last names?
I remember email and phone being the major ones. A kind of improved haveibeenpwned
such a product must be crafted to mitigate its own abuse, as well as the original problem.
Alternatives: haveibeenpwned.com (free), 1Password Watchtower, Bitwarden breach reports.
The harder part isn't knowing about breaches—it's actually rotating passwords afterward. Most people know they should but don't because it's tedious.
Automated rotation tools are emerging but need careful security architecture (local-only, zero-knowledge) to avoid creating new attack vectors.
9dev•15h ago
moebrowne•15h ago
sunaookami•14h ago
mungoman2•9h ago
alex1138•9h ago
extraduder_ire•6h ago
I know it's still active because I see someone with that handle posting on bluesky regularly.