Millions Of Stolen Passwords Donated To Hack-Checking Site

Share post:

The National Crime Agency (NCA) of the U.K. has donated around 225 million unique passwords to a cybersecurity project designed to protect users from hackers.

The list is now part of the free online service Have I Been Pwned (HIBP), which allows anyone to search hundreds of millions of passwords to see if they are already being used by criminals.

Troy Hunt, the security researcher who runs the site, said it now has a “pipeline” feature for law enforcement to add passwords they have recovered to the free online service.

“During the course of their investigations, they come across a lot of compromised passwords, and if they were able to continuously feed those into HIBP, all the other services out there using Pwned passwords would be able to better protect their customers from account takeover attacks, ” Hunt said.

An attack on an account occurs when a hacker obtains the username and password for an online service and is able to take control of the account.

Hunt also said that the U.S. FBI and the U.K. NCA are now able to contribute to the open-source systems his team has built, and thanked the NCA in particular for the “donation” of 225 million new passwords.

The NCA urges users to search the website for their own passwords. If the password appears in the database, the user is strongly advised to change it, as this means his account is already in the hands of cybercriminals.

NCA’s National Cyber Crime Unit officer Chris Lewis-Evans said the large list of compromised passwords was the largest ever recovered by the NCA – more than two billion pairs of emails and passwords.

These 225 million passwords now comprise the “donation” to HIBP.

For more information, read the original story on the BBC.

SUBSCRIBE NOW

Related articles

Russian State-Backed Cyber Attack Exploits Zero-Day Vulnerabilities in Windows and Firefox

Headline: A sophisticated cyberattack leveraging two chained zero-day vulnerabilities in Mozilla Firefox and Microsoft Windows has been confirmed by...

Starbucks Forced to Pay Baristas Manually After Ransomware Attack

A ransomware attack on Blue Yonder, a third-party scheduling software provider, has disrupted Starbucks’ ability to manage employee...

Google Launches Free Cybersecurity Certificate for Entry-Level Jobs

Google has introduced a new Cybersecurity Professional Certificate, aimed at preparing students for entry-level roles in just six...

Critical Vulnerability Leaves Millions Of Sites Vulnerable To Takeover

A severe authentication bypass vulnerability has been discovered in the WordPress plugin "Really Simple Security" (formerly *Really Simple...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways