So I just searched my email on HIBP again. Most of the leaks I see there were from old websites I hardly cared about securing from many years ago. But, in general, how do I find out what has actually been leaked (if it's not website specific)?
I'm not going to change all of my passwords every time a random website that I used briefly ten years ago leaks my low effort password.
There are sites for searching for your (or anyone else's) publicly revealed information, but the one free one I knew of was forced offline.
Downloading the datasets--there are so many with so few options to obtain them. The mega-compilations likely won't include everything, either, like your license plate numbers or all your compromised addresses, nor the site from which hackers stole it.
So basically don't bother. If you want the same experience, open up notepad, HIBP, and your password manager, and make a little doxx file on yourself, in CSV or JSON.
I use separate emails for all accounts and that get's me in trouble when companies "consolidate" accounts because "everyone uses the same email for all accounts". Your good idea might be true, practice is not.
The parent was talking about different passwords, not different emails. But I'm curious, what does it mean for a company to consolidate accounts? How would that be done to your separate accounts automatically, and what trouble does it cause? And what is the normal case where people have multiple accounts all with the same email?
I just don't understand the circumstance you're describing.
Exactly! Then you write each password down in your notebook of passwords and pat yourself on the back for how hard it would be to compromise all your accounts in one go ;)
I'm not going to change all of my passwords every time a random website that I used briefly ten years ago leaks my low effort password.