The UK Government Has Shared 585 Million Passwords with Have I Been Pwned Service

The National Crime Agency of the United Kingdom has provided more than 585 million passwords to the Have I Been Pwned (HIBP) service, which allows users to check whether their login information has been leaked.

Almost 226 million of them were new to HIBP. In addition, the FBI can now enter passwords directly into the HIBP database.

As with the passwords coming from the FBI, this massive collection has been added to the Pwned Passwords data, allowing you to check whether your password has been compromised.

What is HIBP?

The Pwned Passwords HIBP project allows law enforcement agencies in many countries to add passwords found during investigations. As a result, services that use the Pwned Passwords API can protect their users from account hijacking attacks.

As recently became known, the Have I Been Pwned (HIBP) project's collection received 585,570,857 passwords that had ended up in the public domain. Of these, 225,665,425 turned out to be brand new, expanding the number of leaked passwords available in the database of the free service by 38 percent. The data, the product of various leaks, was discovered in cloud storage by employees of the National Crime Agency (NCA).

What data was leaked?

The data sets consisted of "password – email account" records. Unfortunately, the owner of the impressive collection could not be identified. Since the database was publicly available and could fall into the wrong hands, the agency decided to share it with Troy Hunt, the creator of the HIBP aggregator.

The NCA is the second law enforcement agency with extensive capabilities to join the HIBP information security project as a source of data. Six months ago, HIBP enlisted the same support from the FBI. Before the NCA contribution, the Pwned Passwords collection held 613 million unique passwords that had leaked online. The new release (the eighth), posted publicly, included such previously unseen passwords as flamingo22, Alex1994, and 91177700.

The HIBP service allows companies and sysadmins to check the safety of their passwords. Although the datasets generated by Hunt are available via the API, they can also be downloaded from the site in the form of SHA-1 and NTLM hashes and then checked offline. 
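The offline check described above can be done without loading the whole download into memory. The following is an added example, not code from HIBP or from this article: it assumes the SHA-1 download is a text file of `HASH:count` lines ordered by hash, and the sample file and its counts are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the UTF-8 password (assumed dump encoding)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def pwned_count(path: str, password: str) -> int:
    """Binary-search a hash-ordered dump by byte offset.

    Returns the recorded breach count, or 0 if the hash is absent.
    Only O(log n) lines are read, so multi-gigabyte files are fine.
    """
    target = sha1_hex(password).encode("ascii")
    with open(path, "rb") as f:
        lo, hi = 0, os.path.getsize(path)
        while lo < hi:
            mid = (lo + hi) // 2
            f.seek(mid)
            if mid:
                f.readline()      # discard the partial line we landed in
            line = f.readline()
            if not line:          # landed inside the last line: look earlier
                hi = mid
                continue
            digest, _, count = line.strip().partition(b":")
            if digest == target:
                return int(count)
            if digest < target:
                lo = mid + 1
            else:
                hi = mid
    return 0

def build_sample_dump(path: str, counts: dict) -> None:
    """Write a constructed dump in the assumed format, sorted by hash."""
    lines = sorted(f"{sha1_hex(p)}:{n}" for p, n in counts.items())
    with open(path, "w", newline="\n") as f:
        f.write("\n".join(lines) + "\n")

if __name__ == "__main__":
    # Passwords named in the article; the counts are constructed.
    sample = {"flamingo22": 3, "Alex1994": 12, "91177700": 1}
    with tempfile.TemporaryDirectory() as d:
        dump = os.path.join(d, "pwned-sample.txt")
        build_sample_dump(dump, sample)
        for pw in ("flamingo22", "not-in-the-sample"):
            print(pw, pwned_count(dump, pw))
```

A non-zero result means the candidate password appears in the breach corpus and should be rejected at registration or password change.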

By the way, 1.26 billion requests were submitted through the Pwned Passwords API last month. In addition, 27 different states also use the HIBP website. They are able to search at the national domain level.

According to the NCA, the source of the passwords is cloud storage owned by a British company and used by unidentified attackers to store compromised data. Investigators found that the passwords were stolen due to several leaks, and outsiders could access them for fraud and other criminal purposes.

Thanks to the passwords provided by the NCA, the number of passwords in Pwned Passwords increased to 847 million.

Be aware of data leaks and funny passwords. Choose the most secure ones.
