top | item 44102488

(no title)

Rychard | 9 months ago

If they already have your password (i.e. it has been compromised) there is no social engineering taking place.

In fact, they're doing the honorable thing and not simply trying the credentials to see if they work.

discuss

I think what they're saying is that someone could pretend to be a researcher and ask for passwords to confirm that they match what was found in some fictional breached data.

OneMorePerson|9 months ago

If I'm reading it right the part about them confirming that the records contained the password implies that they were given the relevant record and then they confirmed it was accurate, not that they were just asked "hey what is your password"