The UK’s National Cyber Crime Unit has shared nearly 586 million passwords with the data breach search engine Have I Been Pwned. These passwords were found during an investigation into criminal activity. Nearly 226 million passwords were new to HIBP. Compromised passwords found by the FBI are now also added to the Have I Been Pwned dataset. This has been cited by the administrator of HIBP, Troy Hunt, in a blog post.
Hundreds of millions of passwords found
The NCCU has found hundreds of millions of passwords on a UK cloud storage service during an investigation into criminal activity. These passwords were linked to email addresses. It is not known who placed the data on the cloud storage service. The data could be used by criminals to commit fraud.
The passwords that the NCCU found could not be attributed to one company or platform. That’s why NCCU chose to share the passwords with the Have I Been Pwned website.
Have I Been Pwned?
The website Have I been Pwned is known for its database where you can check if your email address has ever been leaked in a hack. The website also has a searchable database of stolen passwords. The database contains hundreds of millions of passwords that were made public during leaks. You can check in the database whether your password has fallen into the wrong hands. If you have been a victim of a hack, it is important to change your passwords.
The NCCU has shared more than 585.5 million passwords with the Pwned database. More than 225 million passwords were new to the Have I Been Pwned database. By sharing the passwords with HIBP, as many victims as possible can be informed of the theft.
The passwords can also be seen in the Pwned Application Programming Interface (API). Allows users to retrieve data from the database. Organizations can use these to implement in their services. For example, administrators can see if a password that was previously leaked was used. Users can then choose a different password.
Troy Hunt has announced that the service is completely open-source and that they have also partnered with the Federal Bureau of Investigation. Compromised passwords found by the FBI also become available for the Pwned Passwords. In July this year, Troy Hunt also announced a collaboration with the National Cyber Security Center (NCSC). The NCSC has been given access to the API and can monitor whether e-mail addresses of civil servants or politicians exist in the database.
Catch up on more articles here
Follow us on Twitter here