The National Crime Agency (NCA) of the U.K. has donated around 225 million unique passwords to a cybersecurity project designed to protect users from hackers.
The list is now part of the free online service Have I Been Pwned (HIBP), which allows anyone to search hundreds of millions of passwords to see if they are already being used by criminals.
Troy Hunt, the security researcher who runs the site, said it now has a “pipeline” feature for law enforcement to add passwords they have recovered to the free online service.
“During the course of their investigations, they come across a lot of compromised passwords, and if they were able to continuously feed those into HIBP, all the other services out there using Pwned passwords would be able to better protect their customers from account takeover attacks, ” Hunt said.
An attack on an account occurs when a hacker obtains the username and password for an online service and is able to take control of the account.
Hunt also said that the U.S. FBI and the U.K. NCA are now able to contribute to the open-source systems his team has built, and thanked the NCA in particular for the “donation” of 225 million new passwords.
The NCA urges users to search the website for their own passwords. If the password appears in the database, the user is strongly advised to change it, as this means his account is already in the hands of cybercriminals.
NCA’s National Cyber Crime Unit officer Chris Lewis-Evans said the large list of compromised passwords was the largest ever recovered by the NCA – more than two billion pairs of emails and passwords.
These 225 million passwords now comprise the “donation” to HIBP.