"NCA Donates 225 Million Passwords to Have I Been Pwned"

The UK's National Crime Agency (NCA) donated over 225 million passwords found during the course of its crime-fighting, to Have I Been Pwned (HIBP). HIBP is a free service used to check credentials stolen or leaked through past data breaches. The service stored 613 million compromised passwords in its databases before the NCA's donation. Originally, the NCA offered a bank of more than 585 passwords, but after duplicates were parsed out, the owner of the site, Troy Hunt, found more than 225 million passwords that were not already in the HIBP database. According to the NCA, the donated passwords were discovered in a company's cloud storage facility and were an accumulation of known and unknown datasets. The agency engaged with HIBP because the compromised credentials were in the public domain but could not be attributed to any company or platform. Hunt also revealed that the Federal Bureau of Investigation (FBI) will collaborate with HIBP on an injection pipeline into the site. The FBI has been helping HIBP in the development of an open-source tool that law enforcement and crime-fighting agencies can use to feed compromised credentials into the HIBP website through an injection pipeline. This article continues to discuss the donation of millions of compromised passwords to HIBP and efforts to create an injection pipeline into the site for agencies such as the FBI and NCA. 

ITPro reports "NCA Donates 225 Million Passwords to Have I Been Pwned"