The National Cybercrime Unit, part of the UK’s National Crime Agency, shared nearly 586 million passwords with Have I Been Pwned. Of these, approximately 226 million were new to HIBP. In addition, the FBI can now enter passwords directly into the HIBP database.
NCCU during the investigation Criminal activity discovered millions of passwords on an unnamed UK cloud storage service. These passwords were linked to email addresses and were a collection of “known and unknown data sets”. It is not known who put this data in the cloud storage service. However, this data can be accessed by criminals to commit fraud, for example.
Since passwords do not belong to a single victim, platform or company, NCCU has chosen to share them with the website I’ve been PwnedSo that as many victims as possible are informed of the theft. It was a file with 585,570,857 passwords; While at that time the Pwned password service contained 613 million passwords. Of the 586 million passwords, 225,665,425 were unique to Have I Been Pwned. These are now also included in the Pwned Passwords database.
These passwords are now available in the Pwned Passwords API, among other things, other organizations can also use to implement them in their services. For example, websites can add an API to the registration form, so that the website owner can prevent a user from reusing a previously leaked password.
Troy Hunt, Director of HIBP, announced this as well Previously announced link Between the FBI and this api has since been finalized. Now when the FBI finds passwords, they can be imported directly into the API. this ingestion pipeline It is an open source developer. Hunt wants the entire Have I been Pwned database It becomes open source.
“Coffee buff. Twitter fanatic. Tv practitioner. Social media advocate. Pop culture ninja.”