UK Law Enforcement Submits 225 Million Stolen Passwords to HaveIBeenPwned

Published · Dec 24, 2021

The UK National Crime Agency (NCA) and National Cyber Crime Unit (NCCU) donated 225 million passwords to HaveIBeenPwned (HIBP). The list of compromised login credentials is from databases of cybercriminals the law enforcement agencies have recovered.

The hack-checking site HIBP allows users to see whether their email has been leaked. The new entries will increase the service’s capacity by more than 35%.

But more importantly, this move opens the way for future collaborations between private companies and government agencies.

Troy Hunt, the security researcher behind HIBP, says the channel will remain open for the two agencies to send new passwords.

"During the course of their investigations, they come across a lot of compromised passwords, and if they were able to continuously feed those into HIBP, all the other services out there using Pwned passwords would be able to better protect their customers from account takeover attacks."

Cybersecurity Threats

The need to tighten cybersecurity measures is pressing. There is a hacking attack every 39 seconds.

Stolen credentials can have major consequences for both individuals and companies. These can vary from account takeovers to identity theft and even trillions of dollars in losses.

Businesses and governments are starting to recognize the need to increase cybersecurity. But despite recommendations to create safe passwords, individuals often disregard the threat.

In fact, statistics show that the most commonly used password is still “123456.” Sites like HIBP are a good way to identify an existing breach of information.

But how can users prevent leakages of personal information?

The first step is to create a secure password. Password managers, for example, can not only generate one, but store users’ login credentials to multiple accounts.

Public networks are another potential threat to online security. Secure VPNs can serve as an excellent safeguard against WiFi eavesdropping.

Still, despite all measures, incidents beyond the individual’s control do occur. Identifying them is the first step to their solution.

Therefore, the move of the UK law enforcement agencies and HIBP is crucial. The collaboration between private and government organizations is a key factor for increasing cybersecurity.

Aleksandra Yosifova
Aleksandra Yosifova

With an eye for research, Aleksandra is determined to always get to the bottom of things. If there’s a glitch in the system, she’ll find it and make sure you know about it.