"Have I been pwned" is unusable for me now

I've been using the Have I been pwned data breach information service since many years. After a failed attempt to sell the project, payment was introduced: First the API and now domain search.

"Domain search" means that I can see all e-mail addresses from my domain "cweiske.de" that were found in data breaches, and not only search for individual addresses.

20+ family members have an e-mail address on my server, and I use sub-addressing for nearly all services: Whenever I subscribe to a service "example.com", I register with the email address username+example.com@cweiske.de. In the case of a breach and even with spam, I do know where my e-mail address was gotten from.

This means that I have hundreds of unique e-mail addresses, and some of them are in data leaks.

With the HaveIbeenPwned pricing structure, I would have to pay 16.95 USD per month to see which e-mail addresses have been leaked. As a private person, this is way too much.

Now I'm in the situation that HIBP sends me e-mails about breaches on my domain:

An email on cweiske.de has been pwned in the Telegram Combolists data breach

.. but I have to pay to see which e-mail is affected.

So long, and thanks for all the fish.

Written by Christian Weiske.

Comments? Please send an e-mail.