Pages

Security Breached, Half a Billion Passwords Lurking Around In U.K’s Cloud Server

Cyber security has been a big problem for businesses and every company wants its security to be the best, for that they hire the best of experts and researchers and they try to maximize their security strength so that no one can breach their safety measures, but hackers sometimes manage to break into the server and steal valuable data.

The same thing happened in the U.K. According to the reports of the National Crime Agency’s National Cyber Unit, around 585 million sets of personal credentials have been breached and are collected in a cloud storing facility, just waiting there to be claimed by any bad actor if they wanted to go through it.

All the credentials that were collected are a mixed bag in context that their source was yet to be determined. It was not clear that how these passwords were breached. As the NCA was not able to find any source or link towards the breached data, they reached out to Troy Hunt, who is the creator of "Have I been Pwned" (HIBP) to check the passwords against its database.

After looking at the information that was already stored in the HIBP database, they came to a conclusion that around 226 million of the records that were found were not present in the database, keeping in mind that the database of HIBP contains around 613 million passwords.

The NCA released a statement to hunt which stated that, “After analysis, it was found that the datasets were a collection of compromised passwords which are both known and unknown”. Further Stated, “Not to forget about the fact that these compromised passwords had been placed on a U.K based business cloud storage facility by an anonymous entity which means that it is available for the public to use which means that it can be further misused by attackers in cyber-offenses.

Companies can now check these compromised passwords and credentials from the HIBP database and verify if their data had been breached by attackers or not. Furthermore, they can use it to minimize risk in their future security protocols as well. Hunt said in a blog post on Monday that, “Some passwords that were not in the list but now are, includes aganesq, Alexei2005, 91177700, 123Tests and aganesq.

They were able to get a hold of a lot of passwords and what they are trying to do now is to enter those passwords into the HIBP’s database so that companies can protect its clients from future security attacks.

A 38% of rise was seen in the graph against the last version of the HIBP’s database, which means that tally of the pawned passwords went up to 847,223,402.


Read next: Researchers shared insights on how strong a password can be

No comments: