Have I Been Pwned publicises 225 million new breached passwords

UK’s National Crime Agency (NCA) has urged the public to check the security of their email addresses and passwords after they uploaded 225 million unique passwords to hack-checking service Have I Been Pwned (HIBP).

With this addition of 225 million passwords obtained from cyber criminals, the NCA are urgently encouraging people to search for their own passwords on the website to check if their details are in the hands of hackers.

The 225 million passwords that were found in a compromised cloud storage facility were an accumulation of datasets both known and unknown.

HIBP is a free online service allowing users to search the now updated 853 million strong Pwned Password service database to see if their email or password has been compromised and in which specific historic or current data breaches their data was listed in.

Troy Hunt, owner of Have I Been Pwned, received a statement from the NCA reporting:

“During recent NCA operational activity, the NCCU’s Mitigation@Scale team were able to identify a huge amount of potentially compromised credentials (emails and associated passwords) in a compromised cloud storage facility”

Hunt further revealed that Have I Been Pwned’s new data ingestion pipeline is now live. The service allows law enforcement agencies across the globe to upload compromised email addresses and passwords directly to the Pwned database and has already seen collaboration with the FBI. Hunt goes on to explain:

“During the course of their investigations, they come across a lot of compromised passwords, and if they were able to continuously feed those into HIBP, all the other services out there using Pwned passwords would be able to better protect their customers from account takeover attacks”

Compromised passwords present significant security vulnerabilities for UK businesses as identified in a National Cyber Security Centre study which revealed that UK businesses experienced 777 cyber incidents in 2021, up from 723 in 2020.

Protection of network login credentials and identification of breached passwords is essential to ensure companies’ data remains secure and to avoid ransomware attacks as exemplified in July’s devastating ransomware attack on Kaseya and the 500 million affected by data breaches on Facebook and LinkedIn In April.

Being Cyber Essentials Plus Certified, Lineal has identified the growing need for a managed cybersecurity solution for businesses of all sizes. Our cybersecurity package aims to safeguard your business’ data against a host of cyber threats across multiple platforms including password encryption keys.

For more information of how we can help secure your business, visit our Cybersecurity page