Every time something like this is posted, where there is a site to check if your email address is in some leaked list, I really wish they'd just tell me how to get the list itself. Instead, they ask me to trust that they will not use my email address, and I have to hope that they won't leak it.
I generally don't bother, because it's just more security risks.
It could be even more dangerous than you are imagining.
If you check a username, then you would probably also be revealing the IP address range and browser referrer that is normally used to access your account.
Google uses IP address and location to help detect illegal access. So giving away this information could make it easier for your account to be stolen.
Of course not. He's going to go botnet shopping and try to log in through a compromised machine with an IP address in the same town, in the same address range.
He might even be able to use the same IP as you, if you happen to be using a gateway with many machines behind it, and one of them is compromised.
"If you don't like to specify your full email address for any reason, you can replace up to 3 characters with asterisk sign (e.g., for myaccount@gmail.com enter myac*nt@gmail.com), thus we'll show you a count of matches for this pattern. We respect your privacy."
Only up to 3 characters? Why 3? Especially since it's an email address and not a random string, which limits the possibilities for the 3 missing characters. This looks like it's giving more info than you'd think to a dodgy website...
Wget and grep would be more likely to be used - but in answer to your question: yes, in a case like this.
Let's do some quick back-of-the-envelope math. 5M addresses, with very few longer than 25 characters. Let's say the average is around 17 characters. 17 * 5 * 10^6 = 35 * 10 ^7 = 3.5 * 10^8 bytes, or 350MB. Text generally compresses to 1/8 space with zlib, so the amount to transfer would be about 44MB, at most. Serving the list as xz compressed file could probably cut the size down to below 40MB.
In the age of 100MB youtube videos, that doesn't sound like much to me.
i sure hope you are beeing sarcastic, if not, consider this: it is possible to use javascript to override ctrl+f or other keystrokes. if that site would have displayed the list, and someone used ctrl+f on it, they could have simply used such a technique to add your input to the list to generate positive findings on the fly.
you should reconsider this, because it is possible to use javascript to override ctrl+f or other keystrokes. if that site would have displayed the list, and someone used ctrl+f on it, they could have simply used such a technique to add your input to the list to generate positive findings on the fly.
I generally don't bother, because it's just more security risks.