“Have I Been Pwned” breach site partners with… the FBI!

2021-06-02 18:55

Hunt therefore also offers a public service called Pwned Passwords, where you can look up your own password in a database of just over 600 million already-recovered passwords, whether those passwords were stolen due to a large-scale corporate data breach, a carefully planned ransomware attack, a long-running malware infestation, or any other cause.

Avoiding a 10GB download. If you don't have the time or energy to download 10GB or more of of Pwned Passwords data, you can look up your password without giving it away directly.

If you download the raw Pwned Password data and divide it into the same 220 sections as Hunt himself, you will know exactly how many hashes end up in each of the one million sections, a number that will vary randomly from section to section.

The FBI reached out and we began a discussion about what it might look like to provide them with an avenue to feed compromised passwords into HIBP and surface them via the Pwned Passwords feature.

SOME FUN TO FINISH. As shown above, the Pwned Passwords database includes a count of the number of times each password hash appears in the database.

We managed to figure out the last three in a couple of minutes more by looking back at old Naked Security articles about "The worst passwords ever" and using those as inspiration.

News URL

https://nakedsecurity.sophos.com/2021/06/02/have-i-been-pwned-breach-site-partners-with-the-fbi/

#breach #FBI