The National Crime Agency of the United Kingdom has given over 585 million passwords to the Have I Been Pwned service, which allows users to see if their login information has been exposed online. This large collection has been uploaded to the Pwned Passwords repository, enabling users to search for hacked passwords, like passwords coming from the FBI.
The passwords collected by the NCA came from the agency’s National Cyber Crime Unit (NCCU), which obtained them during cybersecurity investigations. Troy Hunt, the Have I Been Pwned (HIBP) service developer, stated today that a batch of 225,665,425 passwords was discovered to be wholly fresh after importing and analyzing data from the NCA. Even if just half of the NCA password collection was put to the live Pwned Passwords database, Hunt claims it is still a significant contribution to a blog post published recently.
“Now, keep in mind that before today’s announcement, there were already 613M of them in the live Pwned Passwords service (and many millions more in my local working copy waiting for the next release), so the NCA’s corpus represented a significant increase in size” – Troy Hunt
Pwned Passwords, an initiative of HIBP, allows law enforcement organizations from across the world to share passwords discovered during investigations. Other services that use the Pwned Passwords API can safeguard their users from account takeover attacks.
According to the NCA, the credentials came from a cloud storage site belonging to a UK firm that unidentified individuals were using to deposit hacked login data. The passwords were obtained from several data breaches, and third parties might use them” to commit further fraud or cyber offences,” as per investigators. Due to NCA’s latest contribution, the quantity of credentials in the Pwned Passwords service has surged by 38%, to over 847 million.