UK Government Contributes to Stolen Password Database
Following the contribution, Have I Been Pwned will host more than 800 million compromised credentials…
An article review.
Have any of your login credentials been revealed in a breach? If you’re unsure about that, Have I Been Pwned (HIBP) can help you out by letting you check against over 600 million compromised credentials…and with the efforts of law enforcement agencies that number will soon be rising.
According to an article from BleepingComputer, the UK National Crime Agency recently contributed over 585 million passwords to the database, with those credentials coming largely from one single cloud storage location that was being used by criminals to store stolen data. The UK’s contribution comes not soon after the FBI made similar data available to HIBP, showing broad consensus among law enforcement that making such data available can help avoid future breaches.
As useful as this information can be, many users seem to be unaware it exists–that is, considering that out of the 585 million credentials submitted by the UK only about 225 million were found to be new. This suggests that there are potentially tens or hundreds of millions of people out there using a username and password that are known to be compromised.
With thousands of additional compromised credentials being added every week, even if you’ve checked your credentials in the past it may pay to make such checks part of your regular cybersecurity duties. Such checks are becoming so important many credit monitoring services include them among their services, and many applications now include the option for administrators to automatically check user passwords against lists of compromised credentials.
Considering the rate at which the numbers on HIBP’s website continue to rise, it’s likely we’ll see even more integration with its database, and others like it, in the future.
Original article by Ionut Ilascu writing for BleepingComputer.