
The FBI has confirmed that over 600 million passwords have been stolen in a major data breach.
It seems every week brings a new reminder that our digital lives hang by fragile threads. The FBI has just revealed a database containing 630 million compromised passwords that were all seized from devices belonging to a single hacker.
Troy Hunt, creator of the invaluable Have I Been Pwned and Pwned Passwords services, confirmed that the FBI handed over the massive list of stolen credentials to add to HIBP's existing database of 17 billion compromised accounts.

For the past four years, the FBI has provided Hunt with compromised passwords they've recovered through cybercrime investigations. What sets this batch apart, though, is the staggering fact that all 630 million credentials came from a single suspect's devices.
“This latest corpus of data came to us as a result of the FBI seizing multiple devices belonging to a suspect,” Hunt said. “The sheer scope of cybercrime can be hard to fathom, even when you live and breathe it every day.”
The stolen passwords have seemingly come from Telegram channels, malware attacks and even the dark web.
This means not all 630 million credentials are necessarily new or currently active. Some may have been circulating in criminal networks for years before ending up in this hacker's collection.
“We hadn't seen about 7.4% of them in HIBP before, which might sound small, but that's 46 million vulnerable passwords we weren't giving people using the service the opportunity to block,” Hunt added.

How to check if your password has been breached
Fortunately, all these stolen credentials are searchable through a single service called Pwned Passwords.
Simply head to the Pwned Passwords service and enter your password.
According to Hunt, 'no password is stored next to any personally identifiable data' like an email address, and 'every password is SHA-1 hashed' for security. Even if your password isn't on the list this time, breaches like this underscore how easily our data can be accessed when passwords aren't properly secured.
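For readers who would rather not type a live password into a web form, Pwned Passwords also offers a range lookup that receives only the first five characters of the password's SHA-1 hash, with the comparison done locally. The sketch below is an added example, not code from Hunt or HIBP; the sample response body and its counts are constructed, and `offline_range` is a hypothetical stand-in for the network call.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"

# Constructed sample body for prefix 5BAA6 (SHA-1 prefix of "password").
# Suffixes other than the second line, and all counts, are made up.
SAMPLE_BODY = (
    "1D2DA4053E34E76F6576ED1DA63134B5E2A:2\r\n"
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:1234567\r\n"
    "not-a-valid-line\r\n"
    "1F2B668E8AABEF1C59E9EC6F82E3F3CD786:0\r\n"  # count 0 = padding entry
)


def split_hash(password):
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def live_range(prefix):
    """Fetch suffixes for a prefix from the real service (needs network)."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"Add-Padding": "true", "User-Agent": "pwned-check-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def offline_range(prefix):
    """Hypothetical stand-in for live_range so the example runs offline."""
    return SAMPLE_BODY if prefix == "5BAA6" else ""


def breach_count(password, fetch_range=offline_range):
    """Times the password appears in the corpus; only the prefix is sent out."""
    prefix, suffix = split_hash(password)
    for line in fetch_range(prefix).splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and count.isdigit() and candidate.upper() == suffix:
            return int(count)
    return 0


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print(repr(pw), "seen", breach_count(pw), "times in the sample")
```

Pass `live_range` as the second argument to `breach_count` to query the real service instead of the constructed sample.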
To keep our data safe, cybersecurity experts recommend using a password manager to generate random, unique passwords. These tools also provide safe storage for all your credentials in one encrypted location. For example, Apple Passwords comes free with iOS and macOS devices and securely syncs your passwords across your Apple devices. Other popular options to consider are 1Password and Bitwarden.
The tech experts also advise activating two-factor authentication (2FA) on all your accounts, making unauthorised access significantly harder even if your password is compromised.