Representatives of the British National Crime Agency (NCA) shared with the leak aggregator Have I Been Pwned a collection of 585 million compromised passwords that they were able to find during the investigation.
This is the second precedent of this kind: earlier in 2021, FBI representatives agreed to a similar cooperation with Have I Been Pwned, having received the opportunity to directly upload compromised passwords to the service database.
Then it was reported that law enforcement officers will provide passwords in the form of SHA-1 and NTLM hashes, and not in clear text. That is, no one will see the personal data of users.
Now the creator and head of the resource, Troy Hunt, announced the conclusion of a similar agreement with British law enforcement agencies.
NCA representatives have already handed over 550 million hacked passwords to HIBP, and about 225 million of them turned out to be unique and new.
Hunt's statement states that the NCA found all of these compromised passwords (along with email addresses) on an unnamed UK cloud storage account. At the same time, the agency said that they were unable to determine whether the compromised combinations of passwords and emails relate to any particular platform or company.
"The fact that [this data] has been placed in the cloud storage of a British company by unknown criminals means that these credentials are in the public domain and may be available to third parties who can use them to commit fraud and other cybercrimes," they warned at the NCA.
Tags:Have i been pwned, NCA Breaking intonews Passwords Data leaks