Millions Of Stolen Passwords Donated To Hack-Checking Site

Share post:

The National Crime Agency (NCA) of the U.K. has donated around 225 million unique passwords to a cybersecurity project designed to protect users from hackers.

The list is now part of the free online service Have I Been Pwned (HIBP), which allows anyone to search hundreds of millions of passwords to see if they are already being used by criminals.

Troy Hunt, the security researcher who runs the site, said it now has a “pipeline” feature for law enforcement to add passwords they have recovered to the free online service.

“During the course of their investigations, they come across a lot of compromised passwords, and if they were able to continuously feed those into HIBP, all the other services out there using Pwned passwords would be able to better protect their customers from account takeover attacks, ” Hunt said.

An attack on an account occurs when a hacker obtains the username and password for an online service and is able to take control of the account.

Hunt also said that the U.S. FBI and the U.K. NCA are now able to contribute to the open-source systems his team has built, and thanked the NCA in particular for the “donation” of 225 million new passwords.

The NCA urges users to search the website for their own passwords. If the password appears in the database, the user is strongly advised to change it, as this means his account is already in the hands of cybercriminals.

NCA’s National Cyber Crime Unit officer Chris Lewis-Evans said the large list of compromised passwords was the largest ever recovered by the NCA – more than two billion pairs of emails and passwords.

These 225 million passwords now comprise the “donation” to HIBP.

For more information, read the original story on the BBC.

Featured Tech Jobs


Related articles

Cyber Security Today, April 24, 2024 – Good news/bad news in Mandiant report, UnitedHealth admits paying a ransomware gang, and more

This episode reports on the danger of using expired open-source packages, a tool used by a Russian hacking group and passw

Google Play introduces new biometric verification with a user warning

Google has recently announced updates to the biometric verification process for Google Play purchases, aiming to bolster security...

Cyber Security Today, Week in Review for week ending Friday April 19, 2024

On this episode Jen Ellis, co-chair of the Ransomware Task Force, talks about ways of fighting one of the biggest cyber threats to IT d

Cyber Security Today, April 19, 2024 – Police bust phishing rental platform, a nine-year old virus found on Ukrainian computers, and more

This episode reports on a threat actor targeting governments in the Middle East with a novel way of hiding malware is going international

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways