The FBI Will Feed Hacked Passwords Directly Into Have I Been Pwned

Australian security researcher Troy Hunt announced today that he granted the US Federal Bureau of Investigation a direct line to upload new content into Have I Been Pwned, a website that indexes data from security breaches. From a report: The HIBP creator said that when the FBI discovers password collections during their investigations, they will upload the data into a section of the site called Pwned Passwords. The FBI will provide passwords as SHA-1 and NTLM hashes and not in plain text. No user personal details will be provided, but only the password hashes. The passwords will be added to Pwned Passwords, a collection of more than 613 million leaked passwords. While the main HIBP website allows users to search if their emails, names, or usernames have been leaked online in past security breaches, Pwned Passwords is a smaller and more specialized component of the HIBP site that tells users if a password string has ever been leaked online, without attaching the password to any user details.

Read more of this story at Slashdot.