The FBI gives the violated passwords to Have I Been Pwned
The FBI is working with Have I Been Pwned to hand over the leaked security codes in its databases. Also the HIBP control service becomes open source.
Have I Been Pwned (HIBP), a website created and maintained by security researcher Troy Hunt, is one of top destinations to find out if your email or password was part of a data breach.
Hunt, who is also Microsoft's regional security director, announced last night that makes the site open source so that other developers can contribute to the project and make it easier to find your compromised credentials. For the record, had announced his intention to sell it or make it available to other services.
As a first step, the Hunt Foundation and .NET create the open source password module. It will not be the whole structure but only the password module. This page that essentially allows you to check if any of your passwords were part of a data leak.
In addition, HIBP is working with the FBI, which will help strengthen the database with its own set of compromised codes.
The FBI will share the passwords as hash pairs SHA-1 and NTLM, which can then be searched for using the service or obtained as part of the Pwned Password list.
The Pwned module password allows users to download passwords that have been compromised as SHA-1 or NTLM password lists, and can be used offline by Windows administrators to check if they are being used on their network.
Earlier this week, Hunt noted that the HIBP website is approaching 1 billion monthly requests for password and email identity leaks.