Top UK security experts are warning consumers to be red alert after 225 million passwords were found to have been leaked online. The National Crime Agency (NCA) says it recovered the shocking data breach from cyber criminals with it featuring real email addresses, accounts and full passwords.
In the wrong hands, this incredibly personal data could clearly leave millions at risk from cyber attacks or something called account takeovers – this is where thieves gain full control of private accounts which can then be used to scam other contacts or steal money.
It’s now vital everyone checks to see if their passwords have been affected in this latest breach.
The NCA says it has donated the full list of accounts to the free online service Have I Been Pwned with anyone concerned able to visit the site and enter their email address.
The service will then show if that account has been compromised. You can check out your details here.
Anyone seeing a red warning sign after entering their account should change their password without delay to avoid their data being accessed by criminals.
Troy Hunt, who runs the Have I Been Pwned service, revealed that they were already aware of around 600 million leaked passwords but this fresh information is hugely significant as none of the 225 million password have been spotted before.
“The UK’s National Crime Agency has done some wonderful work over the years to combat cybercrime.
“Before today’s announcement, there were already 613 million passwords in the live Pwned Passwords service, so the NCA’s corpus represents a significant increase in size.
“Working in collaboration with the NCA, I found 225,665,425 completely new passwords.”
Speaking about the breach, the NCA added: “The UK National Crime Agency’s (NCA) mission is to protect the public by leading the UK’s fight to cut serious and organised crime.
“During recent NCA operational activity, the team were able to identify a huge amount of potentially compromised credentials (emails and associated passwords) in a compromised cloud storage facility. Through analysis, it became clear that these credentials were an accumulation of breached datasets known and unknown.
“As a result of this activity, over 225 million compromised passwords previously unseen by HIBP were provided by the NCA to HIBP for incorporation into their password repository, allowing them to be checked by individuals and companies worldwide seeking to verify the security risk of a password before usage, supporting the NCA’s mission to protect the public from cyber criminality.”