Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I wouldn't be comfortable doing this, for one thing, we know people tend to re-use passwords. So any email/password info you collect should be treated with security like they just gave you their bank login, because some of them did. So then Troy has to report himself to his own service (haveibeenpwned).


the article goes into detail to explain how only spammers have a key to the api which logs that data


They’re still people though.

Is punishing spammers for what they’ve done a helpful thing to do? Sure. Are spammers deserving of having their whole digital lives compromised? I don’t know.


"they're still people", indeed I hope so, or else either the animals or the machines are spamming us on their own somehow ;)

they're still spammers, though, and yeah, I totally think they deserve this


> Are spammers deserving of having their whole digital lives compromised?

Yes


Update, I see only the passwords are logged and not the emails, but still not great.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: