Re: Massive Password Leak!
It might become obvious if an e-mail password had been obtained or cracked because people would start getting e-mails from the cracker pretending to be you. Not that e-mail passwords aren't cracked but I think these detector sites can't determine if they have been.
I think what they can find is if an e-mail address has ended up with people/businesses that you didn't give it to and let you know about that. They
might also gather the e-mail address typed into the search (more spam?).
For those deciding to use this detector, if it does come up with a breached data message, it might be best to change the password anyway because we should probably all do that once in a while. Of course, there is no way the site is going to know what the new password is so no danger in that respect, even if it is thought they could have detected that the original password had been exposed.
I have used the detector site and put in an email address that I know has been sold or passed to other businesses. It tells me data has been leaked. I changed the password for the account and tried the email address again. Still tells me the account is bad. This kind of reinforces the belief that only the email address and not the password has been exposed.