Nerdy leaked passwords:
Treebeard - “This password has been seen 1,207 times before in data breaches!”
NedStark - 20 times
CerseiLannister - 30 times
youknownothingjonsnow - 61 times
PicardIsSexy - 0 times (!The_Picard_Maneuver@piefed.world you’re safe. ;)
edit:
Gandalf1 - 53,478
Gandalfthewhite - 51
sexygandalf - 6
NSFW leaked passwords:
spoiler
bigdick - 178,712 (!?!)
bigpussy - 9,226
longpussy - 26
longdick - 10,762
wetpussy - 61,575
wetdick - 579
twat - 6,588
dickhead - 201,942
Blueballs69 - 520
Weird leaked passwords:
BillClinton - 378
DonaldTrump123 - 792
youwillneverguessmypassword - 390
redgreenblue - 2,040
123qweasdzxc - 1,010,515
poopstick - 6,845
((More to come later))
For those worried about inputting a password into a tool like this, they’ve actually done a great job keeping your pass secure.
Passwords entered on this site do not get transmitted to the server. Instead, they are hashed, then only the first half of the hash is sent to the server. The server replies with a list of every password hash they’ve found in leaks that match the partial hash you sent them. Your computer then looks through the list and tells you if the password you entered (which was kept on your pc, not transmitted) exists in that list.
From Haveibeenpwneds perspective; they sent you a big list of potential matches, but don’t know which one if any actually matches your password, because they were never given the full hash, let alone the raw password.
There’s even an open-source script you can run that does this within a console instead of a browser. Or, you can download their whole password DB via their github tools, then check it entirely offline.
So, a malicious JavaScript library update then…
The open-source local script might be better, I’ll have to check into that!
You could say the same about every password entry field; but that’s why there are local/alternative options here.