UK Govt. shares 585 million passwords with Have I Been Pwned

  • Last updated December 21, 2021

The United Kingdom’s National Crime Agency (NCA) has donated more than 585 million passwords to the Have I Been Pwned service, which lets users check whether their login information has leaked online.

As with the passwords supplied by the FBI, this large collection has been added to the Pwned Passwords data set, which lets anyone look up whether a password has been compromised.

The NCA’s password collection comes from the agency’s National Cyber Crime Unit (NCCU), which gathered it during investigations of cybersecurity incidents.

According to Troy Hunt, the founder of the Have I Been Pwned (HIBP) service, 225,665,425 of the passwords turned out to be completely new once the data sent by the NCA was imported.

Hunt wrote in a blog post:

Now, keep in mind that before today’s announcement, there were already 613M of them in the live Pwned Passwords service (and many millions more in my local working copy waiting for the next release), so the NCA’s corpus represented a significant increase in size.

The section of the HIBP website to which these passwords are added is called Pwned Passwords. Companies and system administrators typically use this section to confirm whether their current passwords have been compromised in hacks.

Currently, the HIBP Pwned Passwords collection contains 5.5 billion entries, of which 847 million are unique. Companies can also download these passwords to check their own passwords against the data set locally.
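One way to run the local check described above, as an added example that is not from the original article or from HIBP. It assumes the downloaded list is a text file of `HASH:COUNT` lines holding uppercase SHA-1 hex digests sorted by hash; the function names and the sample counts are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha1_hex(password: str) -> str:
    """Uppercase SHA-1 hex digest, the key format assumed for the local file."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def _line_at(f, offset: int) -> bytes:
    """Return the first full line starting at or after offset (b'' at EOF)."""
    if offset > 0:
        f.seek(offset - 1)
        f.readline()  # consume the rest of the line containing offset - 1
    else:
        f.seek(0)
    return f.readline()

def pwned_count(path: str, password: str) -> int:
    """Binary-search the sorted hash file by byte offset; 0 means not listed."""
    target = sha1_hex(password).encode("ascii")
    with open(path, "rb") as f:
        lo, hi = 0, os.path.getsize(path)
        # Find the smallest offset whose following line is >= target (or EOF).
        while lo < hi:
            mid = (lo + hi) // 2
            line = _line_at(f, mid)
            if not line or line[:40] >= target:
                hi = mid
            else:
                lo = mid + 1
        key, _, count = _line_at(f, lo).strip().partition(b":")
    return int(count) if key == target else 0

def demo() -> dict:
    """Build a small constructed hash list and look up four passwords."""
    sample = {"password": 9545824, "qwerty123": 2207, "letmein": 100}  # constructed counts
    lines = sorted(f"{sha1_hex(p)}:{c}\n" for p, c in sample.items())
    with tempfile.NamedTemporaryFile("w", delete=False, newline="\n") as tmp:
        tmp.writelines(lines)
    try:
        candidates = ["password", "letmein", "qwerty123", "not-in-the-list"]
        return {p: pwned_count(tmp.name, p) for p in candidates}
    finally:
        os.unlink(tmp.name)

if __name__ == "__main__":
    print(demo())
```

Because the search seeks by byte offset, a lookup touches only a few dozen lines even in a multi-gigabyte file, and the plaintext password never leaves the machine.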


In a statement issued by Hunt, the NCA said it discovered the compromised passwords, paired with email accounts, in an account at a UK cloud storage facility.

According to the report, the NCA told Hunt:

Through analysis, it became clear that these credentials were an accumulation of breached datasets known and unknown

The case investigators learned that the credentials came from numerous data breaches and that third parties could access them “to commit further fraud or cyber offenses.” Those third parties could also use them for ransomware attacks, phishing, and more.

With the NCA’s recent donation, the number of credentials in the Pwned Passwords service increased by 38%, to more than 847 million. Today’s release is only about making the new passwords immediately available to everyone for free. Troy Hunt finds this an extremely satisfactory result, as it is open to the people, owned by the people, and fully supported by the FBI and NCA.
