IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

NCA donates 225 million passwords to Have I Been Pwned

The move comes as both UK and US national crime-fighting agencies collaborate with the popular compromised credential checker

National crime authorities in the UK and US have committed to providing compromised passwords they find during the course of their crime-fighting everyday work to Have I Been Pwned (HIBP), a popular website to check compromised login credentials.

The UK's National Crime Agency (NCA) donated more than 225 million passwords it had stored after detecting them through the course of their normal work, growing HIBP's bank of hacked passwords by more than a third.

Prior to the NCA's donation, HIBP stored 613 million compromised passwords in its database. The NCA offered up a bank of passwords more than 585 million-strong and after parsing out the duplicates, Troy Hunt, owner of the website, found a little more than 225 million passwords that weren't currently in his database.

Speaking to Hunt, the NCA said the donated passwords were found in a UK business' cloud storage facility and were an accumulation of datasets both known and unknown. It meant the compromised credentials were now in the public domain but couldn't be attributed to any company or platform which is why the agency engaged HIBP.

Hunt also announced the FBI will now be collaborating with HIBP with an injection pipeline into the site. The FBI has been helping HIBP build an open source tool that allows law enforcement and crime-fighting agencies like the FBI and NCA to feed compromised credentials directly into the HIBP website via an injection pipeline.

Related Resource

Busting the myths about SSO

Why SSO capability is critical to the success of IAM

Pixelated black and white image with whitepaper title above on white backgroundFree download

Hunt transitioned the site into a .NET framework earlier this year which allowed him to build the pipeline, a tool that hopes to make it easier for law enforcement to donate more passwords in the future. 

"Today's release is about turning on the firehose of new passwords and making them immediately available to everyone for free," said Hunt, announcing the news on his blog. "Having this open to the community, owned by the community and supported by the FBI and NCA is an enormously pleasing result, and I couldn't be happier than to end the year on this note"

HIBP is a website that allows users to query its database with their email addresses and passwords to check if their credentials have been included in data breaches. When checking email addresses, the website will inform users of what company's data breach in which their email address was compromised.

Its password checker also tells users how many times their password has been seen after being included in a data breach and provide guidance on how to change passwords and manage new ones.

A growing bank of data allows HIBP to be more useful to consumers and businesses, and makes stolen credentials less useful in the hands of criminals.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to incorporate password protection into your security strategy
Sponsored

How to incorporate password protection into your security strategy

3 Aug 2022
Should you take your password manager off the internet?
Sponsored

Should you take your password manager off the internet?

28 Jul 2022
The psychology of secure passwords
Sponsored

The psychology of secure passwords

14 Jul 2022

Most Popular

Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022