Reply to post: Does a password found on "Have I Been Pwned?" actually indicate *it* was breached?

Bombshell discovery: When it comes to passwords, the smarter students have it figured

John 48

Does a password found on "Have I Been Pwned?" actually indicate *it* was breached?

I may be misunderstanding this, but I was under the impression that if a set of access credentials are listed on Troy's site, it generally indicates that the credentials were collected from a compromised web server or similar. I.e. the presence on the list alone can't be taken as an indication that the credentials themselves were necessarily weak, just that in many cases they were inadequately protected by a site that was hacked.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021