Hello fellow secure password users! With all the data breaches going around every week in the infosec world, you have a high percentage that your password is on the internet somewhere at some time. Most of these password dumps likely contain your old password if you changed it like the good security expert you are.Now say you want to know if your password is in a database somewhere, well we can check haveibeenpwned just for that purpose! Haveibeenpwned is a website where you can search by email address to see if your password has been on multiple data breaches. They also have a service to let you know if your password or email is in a dump when new dumps come out! They will email as soon as they see your email attached to any breach.
That's awsome dude! But wait? What if I want to actually see the data breach and download it? Is it illegal to download? Well, my security friends that would be a grey area according to most security researchers and lawyers. I did find this article claiming according to lawyers there should be no problem with looking at the data as long as your not doing anything mischievous with it of course!
Cool man! Alright, so I want to download some databases and find out if my passwords in there and my moms and my dogs old Myspace account!
Well the problem is finding this information is kind of tricky online, so I've done some work for you!
Pastebin is a site where everyone can paste their code for the world to share. Using Tor or a VPN can make this anonymous.
Head on over to https://pastebin.com/AqvgRmjx and you will find some torrent leaks to download the databases for Adobe, Patreon, Dropbox, Linkedin, and Myspace.
You can also find the controversial Ashley Madison dump here https://pastebin.com/wcsyErCR
Of course, I would recommend downloading these dumps through a VPN just to be on the safe side.