The FBI will start contributing data to Have I Been Pwned, the website that allows people to see if their passwords have been compromised in a data breach.
As data breaches become a regular occurrence, it’s important to periodically check to see if a password has been compromised by a breach. Have I Been Pwned offers that service, and the FBI wants to contribute.
According to Troy Hunt, Have I Been Pwned’s creator, the FBI reached out to him to see if there was a way to provide the site with comprised passwords they become aware of in the course of their investigations.
And so, the FBI reached out and we began a discussion about what it might look like to provide them with an avenue to feed compromised passwords into HIBP and surface them via the Pwned Passwords feature. Their goal here is perfectly aligned with mine and, I dare say, with the goals of most people reading this: to protect people from account takeovers by proactively warning them when their password has been compromised. Feeding these passwords into HIBP gives the FBI the opportunity to do this almost 1 billion times every month. It’s good leverage ?
As Hunt points out, the FBI’s goals are aligned with his in this instance, and they have the ability to make a significant contribution to the database of comprised passwords. This is a big win all around, and should help keep people safe.