225 Million Hacked Passwords Donated to Free Checking Website

22.12.2021
Mobile Phone Secured (Photo by Dan Nelson on Unsplash)

The UK’s National Crime Agency (NCA) has donated 225 million compromised passwords to a free online hack-checking website.

The website, Have I Been Pwned?, allows users to check whether their passwords - or the email addresses and phone numbers they use online - have been exposed in cyber security breaches.

The NCA has now bolstered that database with an extensive list of passwords it recovered from cyber criminals. The criminals had harvested the passwords and used them along with real people’s email addresses, allowing them to access unsuspecting victims’ online accounts and more.

The good news here is that the NCA has managed to retrieve these passwords and share them with the online community for the greater good. What’s not so encouraging is that the recovery of these passwords shows just how many Internet users are vulnerable to attack. It’s also worth bearing in mind that, despite its size, this database will be a tiny fraction of the real number of stolen passwords out there.

What Can Businesses Do to Protect Themselves?

Businesses clearly have a lot of sensitive information and data they need to keep secure. Whether it’s internal data or customer information, it’s imperative that the relevant systems and security protocols are in place to protect against cyber attacks.

When it comes to passwords, there are a few steps that can help:

  • Encourage staff to use unique passwords, rather than anything that is easy to guess or built from memorable information

  • Avoid using the same passwords for multiple logins, accounts and systems

  • Use a secure password management tool to enable staff to easily store passwords for each of the systems they need to access, such as:
    • 1Password
    • Passpack
    • Keeper
    • Dashlane
    • LastPass
    • Password Boss

  • Add two-factor authentication to all your accounts so even if hackers get your password there is another level of security

What’s Our Recommendation?

If you’re not already monitoring the web for potential security breaches and password theft, we recommend you start now. Have I Been Pwned? is a good first step for a one-off lookup, but your IT support provider should be able to provide an ongoing monitoring service to act as an early warning against security breaches.

If any breaches have already occurred, ensure passwords are changed and made more secure.

Then, implement a culture of change when it comes to cyber security. Encourage staff to be more responsible when creating accounts and updating login details. Consider implementing an ongoing test and training programme for staff, which is also something your IT support provider should be able to help with.

Finally, consider using an identity and access management (IAM) system to improve password access and control.

Following these steps will help keep your company’s data as secure as possible.
