I received an email from HaveIBeenPwned informing me about a data breach at CarGurus that affected 12 million email addresses, including mine. The email mentions that sensitive information like names, phone numbers, and physical addresses may have been compromised. I'm feeling anxious because I'd like to see the actual data that was published about me to determine my risk. It's possible that I didn't share my physical address or that I used a fake name, and I want to know how serious this breach is for me. However, when I log into HaveIBeenPwned, I can't find any option to view my specific data. Why can't I see it? Is there a specific reason for this, or am I missing something?
4 Answers
HaveIBeenPwned doesn't actually store the leaked data itself, only the email or username linked to the leak. They avoid storing personal info to steer clear of legal issues. So while they notify you about breaches, you won't see any personal data. The goal is more to alert you to potential exposure rather than give specific details about compromises.
HaveIBeenPwned is cautious about exposing leaked data because of potential legal implications. Even if they know your email, revealing specific details could be problematic for them. Try checking your account with CarGurus directly; your sign-up name might give you clues about the data they have.
It's practically impossible for HaveIBeenPwned to keep track of every single bit of hacked data. Plus, if they ever got hacked themselves, it would be a huge problem for them. They focus on protecting user privacy instead.
And remember, that's against lots of legal regulations! They can't just hand out data to anyone.
You could also look for forums where people share or sell these types of data breaches. Some offer ways to access the leaked info directly, but it's a riskier route to take!
Yeah, and even if they could show the data, verifying ownership would become a massive headache for them legally.