NCA Announces It Has Shared 585 Million Passwords with Have I Been Pwned

The UK’s National Crime Agency (NCA) has announced that it has shared more than 585 million passwords discovered during its investigation with Have I Been Pwned, a website that indexes data on security breaches.

Open Source Pwned Passwords with FBI Feed and 225M New NCA Passwords is Now Live!
In the last month, there were 1,260,000,000 occasions where a service somewhere checked a password against Have I Been P...

The NCA is the second law enforcement agency to formally provide hacked passwords to HIBP since the U.S. Federal Bureau of Investigation launched a similar service in May.

HIBP developer Troy Hunt said in a blog post that the 225 million compromised passwords discovered by the NCA are new and unique.

These passwords have been added to the “Pwned Passwords” section of the HIBP website, which allows companies and system administrators to check if their current passwords have been hacked or included in a public list used in brute force or password spray attacks.

The HIBP Pwned Passwords collection currently contains 5.5 billion entries, of which 847 million are unique. All of these passwords are available for free download, allowing companies to locally match passwords against the dataset without having to connect to Hunt’s service.
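A local lookup of the kind described above can be done with a binary search over the downloaded file, so no password or hash leaves the machine. This is an added example, not code from HIBP or the NCA; it assumes the SHA-1 download ordered by hash with one `HASH:COUNT` entry per line, and the sample file, its counts and the function names are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha1_hex(password: str) -> bytes:
    """Uppercase SHA-1 hex digest (assumed form of the entries in the download)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper().encode()

def _line_at(f, pos: int) -> bytes:
    """Return the first complete line that starts at or after byte offset pos."""
    f.seek(max(pos - 1, 0))
    if pos > 0:
        f.readline()  # skip the remainder of the line containing byte pos-1
    return f.readline()

def pwned_count(path: str, password: str) -> int:
    """Binary-search a hash-ordered 'SHA1:COUNT' file; 0 means not found."""
    target = sha1_hex(password)
    with open(path, "rb") as f:
        lo, hi = 0, os.path.getsize(path)
        while lo < hi:
            mid = (lo + hi) // 2
            line = _line_at(f, mid)
            if not line or line[:40] >= target:
                hi = mid          # first line at/after mid is >= target (or EOF)
            else:
                lo = mid + 1      # everything up to mid sorts below the target
        digest, _, count = _line_at(f, lo).strip().partition(b":")
    return int(count) if digest == target else 0

def build_sample(path: str) -> None:
    """Write a tiny constructed list (counts are made up), ordered by hash."""
    sample = {"password": 100, "123456": 250, "qwerty": 75, "letmein": 30}
    lines = sorted(sha1_hex(p) + b":" + str(n).encode() for p, n in sample.items())
    with open(path, "wb") as f:
        f.write(b"\r\n".join(lines) + b"\r\n")

def demo() -> dict:
    """Check three candidate passwords against the constructed list."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "pwned-sample.txt")
        build_sample(path)
        return {p: pwned_count(path, p) for p in ("password", "qwerty", "x9!Tq-unlisted")}

if __name__ == "__main__":
    print(demo())
```

Because each lookup needs only a logarithmic number of seeks, the same function works on the full multi-gigabyte file without loading it into memory.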

In a statement shared with Hunt, the NCA said it had discovered a compromised password paired with an email account at a cloud storage facility in the UK.

Analysis reveals that these credentials are an aggregation of known and unknown compromised data sets.

The NCA said it was not possible to attribute the compromised email and password combinations to any particular platform or company.

The fact that it was placed in a UK company’s cloud storage by unknown criminals means that the credentials are now in the public domain and could be accessed by other third parties to commit further fraud and cybercrime.

HIBP is currently being used by government agencies in 27 countries around the world to test user accounts and identify leaks and compromises of user information.
