Police found 225 million stolen passwords hidden on a hacked cloud server. Is yours one of them?

The UK National Crime Agency (NCA) and National Cyber Crime Unit (NCCU) have discovered a cache of 225 million stolen emails and passwords and handed it to HaveIBeenPwned (HIBP), the free service for tracking credentials stolen and/or leaked through past data breaches.

The 225 million new passwords become part of HIBP’s existing body of 613 million passwords in the Pwned Passwords set, which offers website operators a hash of the passwords to ensure users don’t use them when creating a new account. Individuals can use HIBP’s Pwned Passwords page to see whether their passwords have been leaked in previous breaches.

The service helps organizations meet NIST’s recommendation that users should be prevented from using any password that was previously exposed in a breach. That requirement aims to address the increasing use of “credential stuffing”, where criminals test large lists of leaked and commonly used username and password combinations against various online accounts.
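An added example, not from the article or from HIBP: a signup-time check that rejects a password found in a breached-password hash set. It assumes SHA-1 hashes looked up by 5-character prefix, as the Pwned Passwords range lookup does; `fake_fetch_range` and its sample corpus are constructed stand-ins so the block runs offline.

```python
import hashlib
from typing import Callable, Dict

def sha1_upper(password: str) -> str:
    """SHA-1 of the UTF-8 password as uppercase hex."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def parse_range_body(body: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}, skipping malformed lines."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """How often the password appears in the set; only the 5-char prefix is sent out."""
    digest = sha1_upper(password)
    prefix, suffix = digest[:5], digest[5:]
    return parse_range_body(fetch_range(prefix)).get(suffix, 0)

def is_allowed_at_signup(password: str, fetch_range: Callable[[str], str]) -> bool:
    """Reject any password that has a non-zero breach count."""
    return breach_count(password, fetch_range) == 0

# Constructed sample corpus standing in for the real hash set (counts are made up).
_SAMPLE = {"password": 1000, "letmein123": 42}

def fake_fetch_range(prefix: str) -> str:
    """Hypothetical offline stand-in for a range lookup by hash prefix."""
    hashed = ((sha1_upper(p), n) for p, n in _SAMPLE.items())
    lines = [f"{d[5:]}:{n}" for d, n in hashed if d.startswith(prefix)]
    lines.append("0" * 35 + ":0")   # zero-count entry (padding) must not count as a hit
    lines.append("garbage line")    # malformed input must be ignored, not crash
    return "\r\n".join(lines)

if __name__ == "__main__":
    for candidate in ("password", "letmein123", "v9#Lq-unlisted-sample"):
        print(candidate, "allowed" if is_allowed_at_signup(candidate, fake_fetch_range) else "rejected")
```

In production, `fetch_range` would be replaced by a real lookup against the hash set; the check itself never needs the plaintext password to leave the server.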

The technique has been used to compromise 50,000 online bank accounts since 2017, the FBI warned last year, and works because many people still use the same password

Read More: https://www.zdnet.com/article/police-found-225-million-stolen-passwords-hidden-on-a-hacked-cloud-server-is-yours-one-of-them/#ftag=RSSbaffb68