Credentials from 586 million customers have been left open in a cloud storage facility, leaving user information compromised. The UK’s National Crime Agency National Cyber Crime Unit says the data was left completely exposed for any cybercriminal to stumble upon.
There is no explanation for why the data – a disparate collection of sources – became exposed. The National Crime Agency (NCA) was unable to trace the flaw to any one company. Microsoft regional director Troy Hunt was asked to use his tool, “Have I Been Pwned” (HIBP).
Hunt found that 226 million of the passwords were never before seen on HIBP. That’s impressive considering the catalog already comprises 613 million pwned passwords. So, that means the database now has plenty of new additions.
“Through analysis, it became clear that these credentials were an accumulation of breached datasets known and unknown,” the NCA told Hunt. “The fact that they had been placed on a U.K. business’s cloud storage facility by unknown criminal actors meant the credentials now existed in the public domain, and could be accessed by other third parties to commit further fraud or cyber-offenses.”
Growing the Database
Companies can now find these passwords in HIBP when assessing the security risk of a password breach. That means there are now 847,223,402 passwords in the database, “a 38 percent increase over the last version [of HIBP],” Hunt adds. “More significantly, if we take the prevalence counts into consideration, that’s 5,579,399,834 occurrences of a compromised password represented in this corpus.”
Hunt points out that he will continue to grow the database, and that the NCA in the UK and the FBI in the US are now adding compromised passwords to HIBP.
“The premise is simple: during the course of their investigations, they come across a lot of compromised passwords and if they were able to continuously feed those into HIBP, all the other services out there using Pwned Passwords would be able to better protect their customers from account takeover attacks,” he said.