How to Check if Your Passwords Are Among 225 Million Identified by UK Government as Stolen

Israel seeks to beat election cyber bots

The UK National Crime Agency and National Cyber Crime Unit have donated a database of 225 million stolen emails and passwords to “HaveIBeenPwned,” allowing users to check if their details have been leaked.

ZDNet reports that the UK National Crime Agency (NCA) and National Cyber Crime Unit (NCCU) have shared a cache of 225 million stolen emails and passwords with the website HaveIBeenPwned (HIBP) which allows users to check if their credentials have been stolen or breached in past leaks.

a hacker attempting to log in to the bank account of an unsuspecting target (iStock / Getty Images Plus)

The 225 million credentials will become part of HIPB’s current database of 613 million passwords. HIBP helps organizations meet recommendations that users no longer use a password that was previously exposed in a breach.

Criminals often use a hacking method called “credential stuffing,” to test large lists of leaked and commonly-used username and password combinations to try and log into online accounts. Using different username and password combinations for each online account is one of the best ways that users can protect themselves from online hacks.

Credential stuffing was used to hack into 50,000 online bank accounts since 2017, according to the FBI. The method generally works as people often use the same password on multiple accounts.

NCA and NCCU discovered a recent cache of stolen credentials at a compromised cloud storage facility. In a statement to HIPB, the NCA said:

During recent NCA operational activity, the NCCU’s Mitigation@Scale team were able to identify a huge amount of potentially compromised credentials (emails and associated passwords) in a compromised cloud storage facility.

Through analysis, it became clear that these credentials were an accumulation of breached datasets known and unknown. The fact that they had been placed on a UK business’s cloud storage facility by unknown criminal actors meant the credentials now existed in the public domain, and could be accessed by other 3rd parties to commit further fraud or cyber offences.

Anyone that worries their online information has been leaked can check using HIBP’s online Pwned Passwords page. Simply go to the website here, enter a password you commonly use, and learn if it has been included in a number of data leaks or breaches.

Read more at ZDNet here.

Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address


Please let us know if you're having issues with commenting.