I was recently working on a requirement to log the number of breached sites a password appeared on when customers were registering (if that password had been breached at all) Importantly, we are not logging the breached password itself (nor the hash of the password) – just the number of breaches that particular password appeared in (as per the Pwned Passwords data set) So, to log this, I’m...
Reversing hashes of PwnedPasswords api using number of breaches
R