I work in a company that has a few million email addresses in its database. I’ve started using haveibeenpwned to monitor our internal distribution lists (e.g. *[email protected]*). If one of those has been breached, there’s a decent chance the hackers got it from us.
Now that I’m learning the haveibeenpwned API, I’m wondering if there would be value in setting up our server to continually check a sample of our customer email addresses. If we see a bunch of our customers showing up on a small paste, it could be a sign that we may have been breached.
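The paste-clustering check described above, as an added example that is not part of the original post: it groups paste records by paste and flags small pastes where sampled customer addresses cluster. The record fields (`Source`, `Id`, `EmailCount`) follow the HIBP v3 paste model; the addresses, paste IDs, thresholds and the `flag_pastes` helper are constructed for illustration, and the records are embedded inline rather than fetched.

```python
from collections import defaultdict

# Constructed sample data: sampled address -> paste records shaped like the
# HIBP v3 paste model (Source, Id, EmailCount). Not real lookups.
SAMPLE_RESULTS = {
    "cust1@example.com": [{"Source": "Pastebin", "Id": "AAAA1111", "EmailCount": 40}],
    "cust2@example.com": [{"Source": "Pastebin", "Id": "AAAA1111", "EmailCount": 40},
                          {"Source": "Pastebin", "Id": "BBBB2222", "EmailCount": 250000}],
    "cust3@example.com": [{"Source": "Pastebin", "Id": "AAAA1111", "EmailCount": 40}],
    "cust4@example.com": [{"Source": "Pastebin", "Id": "BBBB2222", "EmailCount": 250000}],
    "cust5@example.com": [],
}


def flag_pastes(results, sample_rate, min_hits=3, min_share=0.5):
    """Return pastes where our sampled customers cluster (hypothetical helper).

    results     : dict of sampled address -> list of paste records
    sample_rate : fraction of the customer base that was sampled (0 < r <= 1)
    min_hits    : minimum distinct sampled addresses in one paste
    min_share   : minimum estimated share of the paste that is our customers
    """
    if not 0 < sample_rate <= 1:
        raise ValueError("sample_rate must be in (0, 1]")
    hits = defaultdict(set)   # (Source, Id) -> sampled addresses seen in it
    sizes = {}                # (Source, Id) -> EmailCount reported for the paste
    for address, pastes in results.items():
        for paste in pastes:
            key = (paste["Source"], paste["Id"])
            hits[key].add(address.lower())
            sizes[key] = paste.get("EmailCount") or 0
    flagged = []
    for key, addresses in hits.items():
        size = sizes[key]
        if len(addresses) < min_hits or size <= 0:
            continue
        # Scale hits up by the sampling rate to estimate how many of our
        # customers the whole paste contains, capped at the paste size.
        share = min(1.0, (len(addresses) / sample_rate) / size)
        if share >= min_share:
            flagged.append({"source": key[0], "id": key[1], "hits": len(addresses),
                            "email_count": size, "estimated_share": round(share, 2)})
    return sorted(flagged, key=lambda f: f["estimated_share"], reverse=True)


if __name__ == "__main__":
    for finding in flag_pastes(SAMPLE_RESULTS, sample_rate=0.1):
        print(finding)
```

A large paste that happens to contain a few sampled addresses stays below `min_share`, so only pastes that look mostly like this customer base are reported.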