It's interesting what HIBP reveals about both attackers and defenders.
HIBP held a long randomly generated password I used exclusively on tvtropes. It was in plaintext in a pw dump, suggesting they weren't even hashing at the time.
I contacted tvtropes a few times but got ignored with no announcement.
It's not a banking site, not sure what we should expect. But given compelling evidence of a breach and making no announcement to users seems irresponsible.
HIBP held a long randomly generated password I used exclusively on tvtropes. It was in plaintext in a pw dump, suggesting they weren't even hashing at the time.
I contacted tvtropes a few times but got ignored with no announcement.
It's not a banking site, not sure what we should expect. But given compelling evidence of a breach and making no announcement to users seems irresponsible.