The National Crime Agency of United Kingdom (NCA) shared a collection of more than 585 million compromised passwords with the infamous Have I Been Pwned website.
Have I Been Pwned is a website founded by Tory Hunt. It shows if your data like usernames, passwords, emails, or phone numbers were leaked in any data breaches.
You may check if any of your accounts has been hacked through this website along with several others. Check here for more information.
Contribution to the HIBP Database from NCA and FBI
Troy Hunt announced that the the FBI (Federal Bureau of Investigation) and the NCA (National Crime Agency) have also contributed to the website’s database. Part of the data is from various FBI investigations. On the other hand, the NCA has provided 585 million breached passwords of which 225 million are completely new.
These passwords have been added to a section of the HIBP website called Pwned Passwords. This section allows companies and system administrators to check and see if their current passwords have been compromised in hacks and if they are likely to be part of public lists used by threat actors in brute-force and password-spraying attacks.
Where did NCA Found the Passwords?
In a statement shared by Hunt, the NCA said it found the compromised passwords, paired with email accounts, in an account at a UK cloud storage facility.
“Through analysis, it became clear that these credentials were an accumulation of breached datasets known and unknown,” the NCA told Hunt.
The NCA said they weren’t able to determine or attribute the compromised email and password combos to any specific platform or company.
“The fact that they had been placed on a UK business’s cloud storage facility by unknown criminal actors meant the credentials now existed in the public domain, and could be accessed by other 3rd parties to commit further fraud or cyber offenses,” the agency added, justifying its decision to share the data with Hunt.