Comparing Have I been Pwned / Dehashed / LeakCheck.net – Digitalmunition




m6utGLyETTtc6mfvnXyl84M8g30BvilMwqDVmkJeGjQ.jpgautowebps81a654c5c5d236af4ec3478ee013a99beba1df7a.jpeg

Home Forums Comparing Have I been Pwned / Dehashed / LeakCheck.net

This topic contains 0 replies, has 1 voice, and was last updated by  anonymous 3 weeks, 4 days ago.

  • Author
    Posts
  • #283119

    anonymous
    Participant


    Recently I made a website comparing three services. What did I find?

    **1 -** Some breaches descriptions from Dehashed are clearly a copy paste from HIBP without attribution.

    **Example:** OGUsers (Data Breach in 2019) – Same Description (HIBP have links, Dehashed doesn’t)

    **2-** Dehashed in many cases has more entries than HIBP (Collection 1 its the worst difference by far).

    1,981,099,202 more leaked accounts in dehashed than HIBP.

    **3 -** Dehashed exposes more than just the password from the breach to anyone that pays. If someone with money wants to search your data leaked in internet and you didn’t request an entry deletion, he will find you by name / VIN / Phone / etc. I found someone from my family with the email / data / etc exposed, this could be used for doxing specific people that don’t know about these services.

    4 – [LeakCheck.net](https://LeakCheck.net) exposes the password from the breach and it has different entries from both services.

    5 – HIBP is really poor in what public leaks refers to, specially password leaks. I checked an old password leaked 8 years ago in a forum in HIBP and it was “Safe” according to them. The password in this case is “narrcetenak” and I was able to find it in [leakcheck.net](https://leakcheck.net) and dehashed leaked several times (Taringa / Dueling Networks , etc).

    If you want to access and insight of those services and comparision you can visit my webiste:

    [https://leakcheck.cc](https://leakcheck.cc) (We are not storing the databases, just using the apis the services provides plus some web-crawlers that allows to collect the info anyone can see in them).

    Conclusion.

    Don’t trust your password / email is safe just by checking it at [https://haveibeenpwned.com/Passwords](https://haveibeenpwned.com/Passwords) Your password could have been hacked years ago and still not in their search engine. Try our search engine with some mails from recent breaches you can find at RaidForums and you will see.

You must be logged in to reply to this topic.