Recent Blogs

NCA Donates 225m Stolen Passwords to Hack-Checking Site

23 December 2021

It’s been revealed that the UK’s National Crime Agency (NCA) has donated over 225 million stolen passwords to Have I Been Pwned (HIBP), a cyber security project that allows anyone to check if their personal data has been compromised by data breaches. 

Troy Hunt – Have I Been Pwned’s founder – announced on Friday that they now had an easy ‘pipeline’ function for law enforcement organisations, allowing agencies such as the NCA to easily add recovered passwords to HIBP’s website.

Were any of my passwords included in the list?

Although the exact source of the passwords is unknown, Hunt did reveal the following were found among the newly compromised passwords:

  • aganesq
  • flamingo228
  • 91177700
  • Alexei2005
  • 123Tests

If you’d like to see if any of your own passwords were included in the donated list, you can search through all of them here.

If any of your passwords do appear in the database, you must remember that they’re ultimately in the hands of criminals. Therefore, you should look to change them straight away. 

How did the NCA find the compromised passwords?

On the matter, Hunt said:

“Last year the NCA, working with UK policing, identified that there had been a compromise of a UK organisation’s cloud storage facility, leading to over 40,000 files being uploaded to their servers by cyber-criminals.

“After the financial and other identifiable personal data was mitigated, officers were left with a large set of credentials which could not be attributed to specific data breaches.” 

Those 225 million passwords made up the NCA’s “donation” to Have I Been Pwned.

He went on to say that it’s usually cyber attacks that often result in personal data – such as passwords and other personal information – being stolen and sold on. 

By making these passwords available to the public on their well-known website, Have I Been Pwned are helping to reduce the value of these passwords and limiting how they can be used by cyber criminals. 

How can I protect my personal data online? 

There’s plenty you can do to protect your data, from using password generators to shopping securely. Take a look at our tips on staying safe online to find out more.

If you’re an SME, we also recommend opting for managed antivirus software and managed IT services to keep your business fully protected and to limit threats. 

As one of the leading IT support companies in Liverpool and the UK, ICT Solutions are on hand 24/7, 365 days a year. Get in touch with us today to see how we can help.