Troy Hunt, the founder of Have I Been Pwned, has announced that the FBI and the UK’s National Crime Agency, have helped the site to boost its hacked passwords database. The FBI is providing passwords via an Ingestion Pipeline which will allow HIBP to add passwords to its database that the FBI uncovers in investigations while the NCA has provided a database of 225 million passwords.
By adding more compromised passwords, HIBP users will be able to check their accounts against a larger number of breaches. If you find that any of your passwords have been compromised, you should change your login details on the breached websites as well as any other websites that use the exposed passwords. Luckily, web browsers make this job very easy now because they all have in-built password managers that generate secure and unique passwords.
According to the NCA, the 225 million passwords it found were located on a UK-based business cloud storage facility by unknown criminals. It said as these passwords were in the public domain and could be exploited by bad actors. To help fight against their misuse, the NCA provided HIBP with the passwords so people can check to see if their accounts are secure.
Commenting, the NCA said:
“Over 225 million compromised passwords previously unseen by HIBP were provided by the NCA to HIBP for incorporation into their password repository, allowing them to be checked by individuals and companies worldwide seeking to verify the security risk of a password before usage, supporting the NCA’s mission to protect the public from cyber criminality.”
It’s great to see HIBP gaining new breach data as this means the public are given more security. Coupled with browser password managers, keeping your countless online accounts safe and secure is becoming more convenient.
Update: HIBP reached out to clarify it was building the Ingestion Pipeline and the FBI would just be using it to supply passwords.