Use the “passwords” feature to check if one of yours is compromised. If it shows up, never ever reuse those credentials. They’ll be baked into thousands of botnets etc. and be forevermore part of automated break-in attempts until one randomly succeeds.
That’s not how it works
It’s exactly how it worked. A company called synthient made a master list with all the leaked emails + all leaked passwords. Then they were hacked and it leaked
Synthient wasn’t hacked, as a security company, they aggregated tons of stealer logs dumped to social media, Telegram, etc.
They found 8% of the data collected was not in the HIBP database, confirmed with some of the legitimate owners that the data was real.
They then took that research and shared it with HIBP which is the correct thing to do.
I was also thrown off by the title they gave it when I first saw it, a security company being hacked would be a terrible look. but they explain it in the article. Should probably have named it “list aggregation” or something.
Someone should make a list of all the leaked credentials that got leaked.
But then nothing has changed if they were just collating what was already leaked.