If I understood the follow up blogpost right, it states that there is a lot of email adresses where the only hit is the email domain so they are filtering away that as false positives. Not all stolen credentials are properly aligned and encoded with ; on the correct place I guess :-)
There might be a lot less gmail adresses showing up as pwned now.
No comments yet.