FBI will share compromised passwords with Have I Been Pwned


The FBI will begin sharing compromised passwords acquired during law enforcement investigations with Have I Been Pwned’s ‘Password Pwned’ service in the near future.


Pwned Passwords is a service provided by the Have I Been Pwned data breach notification site that allows users to search for known compromised passwords.


A user can enter a password and check how many times that password has been found in a breach by utilizing this service.


For example, the password ‘password’ has been spotted 3,861,493 times in data breaches, according to the service.


Now, Troy Hunt, the creator of Have I Been Pwned, has stated that the FBI will be sending compromised passwords discovered during law enforcement investigations into the Pwned Password service in the near future.



FBI, haveibeenpwned, fbi haveibeenpwned, fbi to share passwords with haveibeenpwned, have i been pwned password, have i been pwned meaning, have i been pwned facebook, have i been pwned what to do, have i been hacked, is haveibeenpwned safe, have i been pwned open source, fbi have i been pwned reddit, fbi have i been pwned forum, Computer Security, computers, cyber news, cyber security news, cyber security news today, cyber security updates, cyber updates, cyberattack, cyberattacks, cybercrime, cybercriminals, cybersafe news, cybersecurity, dark web, data breach, Data leak, data stealing malware, DDoS, Distributed Denial of Service, hacker news, Hacks, Infected Installer, information security, InfoSec, infosec news, linux, Mac, Malicious ad campaign, Malvertising, Malware, malware removal, Mobile Security, network security, online security, personal data exposed, Privacy, ransomware, ransomware attack, ransomware gang, ransomware group, ransomware malware, ransomware news, RCE, Remote Access Trojan, Remote Code Execution, remote desktop app, remote desktop app virus, remote desktop malware, rootkit, Security, smartphone, software vulnerability, spyware, Supply Chain, support, system update app, system update malware app, tech, tech news, tech support, tech updates, technical support, trojan, virus, virus removal, Vulnerabilities, Vulnerability, Web Security, what is ransomware




The FBI will be able to check for passwords that have been known to be used for harmful purposes by exposing this information to administrators and users.


Admins can then update the passwords before they’re utilized in network breaches or credential stuffing attempts.


The FBI’s Assistant Director of Cyber Division, Bryan A. Vorndran, expressed his excitement to be working with Have I Been Pwned on this critical effort to protect victims of online credential theft.


He went on to say that this is just another instance of the need for public-private collaborations in the fight against cybercrime.


The passwords will be shared as SHA-1 and NTLM hash pairs, which may be searched using the service or downloaded as part of Pwned Password’s offline password list.


The compromised credentials can be downloaded as lists of SHA-1 or NTLM hashed passwords that Windows administrators can use to check if they are being used on their network.


These lists can be downloaded with hashes sorted alphabetically or by their prevalence.


Hunt has made Password Pwned open source through the.NET Foundation in order to allow this new partnership, and he’s seeking other developers to help establish a ‘Password Ingestion’ API.


This API can be used by the FBI and other law enforcement organizations to feed compromised passwords into the Password Pwned database.


Also read: Malvertised Fake AnyDesk: Trojanized AnyDesk found on Google Ads


You might also like: Forget DARK WEB. Telegram is the new marketplace for illegal activities and cybercrime


You might also like: Japanese government suffers a data breach after Fujitsu hack


You might also like: Cybercriminals use fake foundations to target Uyghur Minority