UK police donate 225 million compromised passwords to the Have I Been Pwned website
According to the BBC, the UK’s National Crime Agency (NCA) reclaimed from bad actors a catalogue containing people’s actual emails and passwords. The agency has donated hundreds of millions of stolen passwords from this list to the Have I Been Pwned website (HIBP). HIBP lets people check a large database to discover whether their passwords have been stolen.
The creator of HIBP, Troy Hunt, revealed that the website has a new feature whereby police can add stolen credentials to the database. Hunt explained that services that rely on HIBP may be able to prevent account takeover attacks more easily if law enforcement regularly contributes passwords to the site.
HIBP developed an open-source system whereby the US FBI and the UK’s NCA can provide passwords. The website’s database previously contained 613 million passwords, and the NCA added a further 225,665,425 passwords, marking a substantial increase.
The NCA stated that this extremely large batch of stolen credentials originated from the biggest collection of passwords the organization has ever reclaimed. Moreover, the NCA advises people to look for their passwords on HIBP and to change any that appear in the database, because those passwords have been compromised by criminals.