NCA donates 225 million passwords to Have I Been Pwned

The move comes as both UK and US national crime-fighting agencies collaborate with the popular compromised credential checker

National crime authorities in the UK and US have committed to providing compromised passwords they find during the course of their crime-fighting everyday work to Have I Been Pwned (HIBP), a popular website to check compromised login credentials.

The UK's National Crime Agency (NCA) donated more than 225 million passwords it had stored after detecting them through the course of their normal work, growing HIBP's bank of hacked passwords by more than a third.

Prior to the NCA's donation, HIBP stored 613 million compromised passwords in its database. The NCA offered up a bank of passwords more than 585 million-strong and after parsing out the duplicates, Troy Hunt, owner of the website, found a little more than 225 million passwords that weren't currently in his database.

Speaking to Hunt, the NCA said the donated passwords were found in a UK business' cloud storage facility and were an accumulation of datasets both known and unknown. It meant the compromised credentials were now in the public domain but couldn't be attributed to any company or platform which is why the agency engaged HIBP.

Hunt also announced the FBI will now be collaborating with HIBP with an injection pipeline into the site. The FBI has been helping HIBP build an open source tool that allows law enforcement and crime-fighting agencies like the FBI and NCA to feed compromised credentials directly into the HIBP website via an injection pipeline.

Related Resource

Busting the myths about SSO

Why SSO capability is critical to the success of IAM

Pixelated black and white image with whitepaper title above on white backgroundFree download

Hunt transitioned the site into a .NET framework earlier this year which allowed him to build the pipeline, a tool that hopes to make it easier for law enforcement to donate more passwords in the future. 

"Today's release is about turning on the firehose of new passwords and making them immediately available to everyone for free," said Hunt, announcing the news on his blog. "Having this open to the community, owned by the community and supported by the FBI and NCA is an enormously pleasing result, and I couldn't be happier than to end the year on this note"

HIBP is a website that allows users to query its database with their email addresses and passwords to check if their credentials have been included in data breaches. When checking email addresses, the website will inform users of what company's data breach in which their email address was compromised.

Its password checker also tells users how many times their password has been seen after being included in a data breach and provide guidance on how to change passwords and manage new ones.

A growing bank of data allows HIBP to be more useful to consumers and businesses, and makes stolen credentials less useful in the hands of criminals.

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

Top 200 most common passwords of 2021 revealed
cyber security

Top 200 most common passwords of 2021 revealed

10 Dec 2021
What is single sign-on (SSO)?
single sign-on (SSO)

What is single sign-on (SSO)?

2 Dec 2021
More than 90% of IT decision makers reuse passwords
Security

More than 90% of IT decision makers reuse passwords

30 Nov 2021
Chinese hackers target ManageEngine password manager
cyber security

Chinese hackers target ManageEngine password manager

9 Nov 2021

Most Popular

Sony pulls out of MWC 2022
Business operations

Sony pulls out of MWC 2022

14 Jan 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Dell XPS 15 (2021) review: The best just got better
Laptops

Dell XPS 15 (2021) review: The best just got better

14 Jan 2022