National Crime Agency discovers 225 million previously unexposed passwords

08 February 2022

The UK’s National Crime Agency (NCA) and National Cyber Crime Unit (NCCU) have uncovered a hoard of 225 million unique passwords and have shared them with the Have I Been Pwned (HIBP) security project.

HIBP allows any internet user to search its database to see if their password has been exposed, and in which company’s data breach their email address has been compromised. It also informs users how many times their password has been viewed.

The new passwords were found in a compromised cloud storage facility and included both previously-known and unknown datasets. The find is said to be the largest ever uncovered by the NCA.

“The fact that they had been placed on a UK business’s cloud storage facility by unknown criminal actors meant the credentials now existed in the public domain and could be accessed by other 3rd parties to commit further fraud or cyber offences,” said the NCA.

Troy Hunt, founder and chief executive officer of HIBP, added: “Before today’s announcement, there were already 613 million passwords in the live Pwned Passwords service... so the NCA’s corpus represents a significant increase in size.”