FBI to share compromised passwords with Have I Been Pwned
The FBI will soon begin to share compromised passwords with Have I Been Pwned's 'Password Pwned' service that were discovered during law enforcement investigations.
The Have I Been Pwned data breach notification site includes a service called Pwned Passwords that allows users to search for known compromised passwords.
Using this service, a visitor can input a password and see how many times that password has been found in a breach. For example, if we enter the password 'password,' the service states that it has been seen 3,861,493 times in data breaches.
Today, Have I Been Pwned creator Troy Hunt announced that the FBI would soon be feeding compromised passwords found during law enforcement investigations into the Pwned Password service.
By providing this feed, the FBI will allow administrators and users to check for passwords that are known to be used for malicious purposes. Admins can then change the passwords before they are used in credential stuffing attacks and network breaches.
"We are excited to be partnering with HIBP on this important project to protect victims of online credential theft. It is another example of how important public/private partnerships are in the fight against cybercrime," - Bryan A. Vorndran, Assistant Director, Cyber Division, FBI.
