IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

NCA donates 225 million passwords to Have I Been Pwned

The move comes as both UK and US national crime-fighting agencies collaborate with the popular compromised credential checker

National crime authorities in the UK and US have committed to providing compromised passwords they find during the course of their crime-fighting everyday work to Have I Been Pwned (HIBP), a popular website to check compromised login credentials.

The UK's National Crime Agency (NCA) donated more than 225 million passwords it had stored after detecting them through the course of their normal work, growing HIBP's bank of hacked passwords by more than a third.

Prior to the NCA's donation, HIBP stored 613 million compromised passwords in its database. The NCA offered up a bank of passwords more than 585 million-strong and after parsing out the duplicates, Troy Hunt, owner of the website, found a little more than 225 million passwords that weren't currently in his database.

Speaking to Hunt, the NCA said the donated passwords were found in a UK business' cloud storage facility and were an accumulation of datasets both known and unknown. It meant the compromised credentials were now in the public domain but couldn't be attributed to any company or platform which is why the agency engaged HIBP.

Hunt also announced the FBI will now be collaborating with HIBP with an injection pipeline into the site. The FBI has been helping HIBP build an open source tool that allows law enforcement and crime-fighting agencies like the FBI and NCA to feed compromised credentials directly into the HIBP website via an injection pipeline.

Related Resource

Busting the myths about SSO

Why SSO capability is critical to the success of IAM

Pixelated black and white image with whitepaper title above on white backgroundFree download

Hunt transitioned the site into a .NET framework earlier this year which allowed him to build the pipeline, a tool that hopes to make it easier for law enforcement to donate more passwords in the future. 

"Today's release is about turning on the firehose of new passwords and making them immediately available to everyone for free," said Hunt, announcing the news on his blog. "Having this open to the community, owned by the community and supported by the FBI and NCA is an enormously pleasing result, and I couldn't be happier than to end the year on this note"

HIBP is a website that allows users to query its database with their email addresses and passwords to check if their credentials have been included in data breaches. When checking email addresses, the website will inform users of what company's data breach in which their email address was compromised.

Its password checker also tells users how many times their password has been seen after being included in a data breach and provide guidance on how to change passwords and manage new ones.

A growing bank of data allows HIBP to be more useful to consumers and businesses, and makes stolen credentials less useful in the hands of criminals.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Google merges Chrome and Android password managers after community feedback
Security

Google merges Chrome and Android password managers after community feedback

1 Jul 2022
Apple, Google, Microsoft expand their support for password-less sign-ins
cyber security

Apple, Google, Microsoft expand their support for password-less sign-ins

6 May 2022
NordPass teams up with insurance provider Cowbell Cyber to improve security awareness
cyber security

NordPass teams up with insurance provider Cowbell Cyber to improve security awareness

18 Feb 2022
Top 200 most common passwords of 2021 revealed
cyber security

Top 200 most common passwords of 2021 revealed

10 Dec 2021

Most Popular

Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022
Macmillan Publishers hit by apparent cyber attack as systems are forced offline
Security

Macmillan Publishers hit by apparent cyber attack as systems are forced offline

30 Jun 2022
Actively exploited server backdoor remains undetected in most organisations' networks
cyber attacks

Actively exploited server backdoor remains undetected in most organisations' networks

1 Jul 2022