UK National Crime Agency finds 225 million previously unexposed passwords

The United Kingdom’s National Crime Agency and National Cyber Crime Unit have uncovered a colossal trove of stolen passwords.

We know this because Troy Hunt, of Have I Been Pwned (HIBP) fame, yesterday announced the agency has handed them over to his service, which lets anyone conduct a secure search of stolen passwords to check if their credentials have been exposed.

The NCA shared 585,570,857 with HIBP, and Hunt said 225,665,425 were passwords that he hasn’t seen before in the 613 million credentials HIBP already stored before the NCA handed over this new batch.

The NCA sent Hunt a statement explaining how it found the passwords:

The NCA’s statement to Hunt did not reveal the source of the password trove, or how it was discovered. Hunt did reveal the following were found among the newly compromised passwords.

  • flamingo228
  • Alexei2005
  • 91177700
  • 123Tests
  • aganesq

Today’s release brings the total Pwned Passwords count to 847,223,402, a 38 percent increase over the last release. 5,579,399,834 occurrences of a compromised password are represented across HIBP.

Hunt’s post also announced that HIBP’s new ingestion pipeline is now live and enables mass uploads of compromised passwords by law enforcement agencies. The FBI is already in on the action. ®

READ MORE HERE