UK Security Agency Shares 225M Passwords With 'Have I Been Pwned'
The UK's NCA and NCCU have shared 225 million stolen emails and passwords with HIBP, which tracks stolen credentials.
The UK's National Crime Agency (NCA) and National Cyber Crime Unit (NCCU) have contributed 225 million new compromised emails and associated passwords with Have I Been Pwned (HIBP), a free service that tracks stolen credentials so people can know if theirs have been breached.
During recent NCA operations, the NCCU's Mitigation@Scale team identified more than 585.5 million potentially compromised credentials (emails and associated passwords), which were in a compromised cloud storage facility. In a statement on HIBP, the NCA says analysis revealed the credentials represented an accumulation of known and unknown datasets.
"The fact that they had been placed on a UK business's cloud storage facility by unknown criminal actors meant the credentials now existed in the public domain, and could be accessed by other 3rd parties to commit further fraud or cyber offences," officials wrote.
NCCU officials reached out to Troy Hunt, the founder and CEO of HIBP, which already has 613 million passwords in its live Pwned Passwords service. Hunt imported and parsed out the NCA-provided dataset against the existing passwords and found more than 225.6 million new instances. Now, all passwords the NCA shared are now searchable in HIBP's live API.
Read more details here.
About the Author
You May Also Like
Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024