UK cyber investigators have share 225 million stolen passwords with a popular data breach checking website, offering it the ability to significantly expand its reach. HaveIBeenPwned is a tool for the public that allows individuals to easily check if their phone, email, or password has been involved in a data breach and offers them guidance on how to take action accordingly. The service can only do so much, however, as it is only as useful as the volume of already-compromised information stored in its databases. The National Crime Agency’s new addition amounts to roughly one third of the 613 million credentials already stored in the site’s service.
The full set provided by the NCA was originally 586 million, however, some passwords were duplicates and were stripped out of the database. Due to the collaboration between NCA and HaveIBeenPwned, the latter will be able to inform millions of individuals that their accounts have been compromised in a data breach. NCA stated that the credentials were not attributable to a single platform or company, and therefore sharing the data with HaveIBeenPwned was an option that allowed individuals and companies across the globe to benefit.
Read More: UK Cyber Cops Share 225 Million Passwords with Breach Site
So What: Collaboration among defenders is critically important, especially in a world where adversaries collaborate among themselves.
What’s Next: Expect more collaboration like this.
Your Action: Read the latest on the cyber threat and defensive strategies at the OODA Cyber Sensemaking page. Become an OODA Network member to discuss this topic with peers.