The NCA Shares 585 Million Passwords With 'Have I Been Pwned'

The UK National Crime Agency has shared a collection of more than 585 million compromised passwords it found during an investigation with Have I Been Pwned, a website that indexes data from security breaches. The Record reports: The NCA now becomes the second law enforcement agency to officially supply HIBP with hacked passwords after the US Federal Bureau of Investigations began a similar collaboration with the service back in May. In a blog post today, Troy Hunt, HIBP creator Troy Hunt said that 225 million of the compromised passwords found by the NCA were new and unique.

These passwords have been added to a section of the HIBP website called Pwned Passwords. This section allows companies and system administrators to check and see if their current passwords have been compromised in hacks and if they are likely to be part of public lists used by threat actors in brute-force and password-spraying attacks. Currently, the HIBP Pwned Passwords collection includes 5.5 billion entries, of which 847 million are unique. All these passwords are also available as a free download, so companies can check their passwords against the data set locally without connecting to Hunt's service.

In a statement shared by Hunt, the NCA said it found the compromised passwords, paired with email accounts, in an account at a UK cloud storage facility. The NCA said they weren't able to determine or attribute the compromised email and password combos to any specific platform or company.

Read more of this story at Slashdot.