Millions Of Stolen Passwords Donated To Hack-Checking Site

Share post:

The National Crime Agency (NCA) of the U.K. has donated around 225 million unique passwords to a cybersecurity project designed to protect users from hackers.

The list is now part of the free online service Have I Been Pwned (HIBP), which allows anyone to search hundreds of millions of passwords to see if they are already being used by criminals.

Troy Hunt, the security researcher who runs the site, said it now has a “pipeline” feature for law enforcement to add passwords they have recovered to the free online service.

“During the course of their investigations, they come across a lot of compromised passwords, and if they were able to continuously feed those into HIBP, all the other services out there using Pwned passwords would be able to better protect their customers from account takeover attacks, ” Hunt said.

An attack on an account occurs when a hacker obtains the username and password for an online service and is able to take control of the account.

Hunt also said that the U.S. FBI and the U.K. NCA are now able to contribute to the open-source systems his team has built, and thanked the NCA in particular for the “donation” of 225 million new passwords.

The NCA urges users to search the website for their own passwords. If the password appears in the database, the user is strongly advised to change it, as this means his account is already in the hands of cybercriminals.

NCA’s National Cyber Crime Unit officer Chris Lewis-Evans said the large list of compromised passwords was the largest ever recovered by the NCA – more than two billion pairs of emails and passwords.

These 225 million passwords now comprise the “donation” to HIBP.

For more information, read the original story on the BBC.

SUBSCRIBE NOW

Related articles

Sleeper Supply Chain Attack Activates After 6 Years

A coordinated supply chain attack has compromised between 500 and 1,000 e-commerce websites by exploiting vulnerabilities in 21...

Russian-Controlled Open Source Tool Raises Alarms Over U.S. Cybersecurity

A widely used open-source Go library, easyjson, used in healthcare, finance and even defence has come under scrutiny...

Signal Archiving Tool Used By Trump Admin Is Breached, Raising Alarms Over Messaging Security (EDITORIAL)

(EDITORIAL) A messaging tool used by Trump administration officials to archive encrypted Signal messages has been hacked —...

Anthropic Warns: AI “Virtual Employees” Could Pose Security Risks Within a Year

Anthropic, a leading artificial intelligence company, anticipates that AI-powered virtual employees could begin operating within corporate networks as...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways