The United Kingdom National Crime Agency shared more than 585 million broken passwords identified during investigations with the Have I Been Pwned, a site that indexes data from security breaches.
The NCA is the second law enforcement agency to officially supply HIBP with leaked passwords after the US Federal Bureau of Investigation launched a similar partnership with page in May.
In a blog post today, HIBP creator Troy Hunt reported that 225 million of the NCA password breaches found were new and unique.
These passwords were added to a section of the HIBP site called Pwned Passwords. This section allows companies and system administrators to check and see if their current passwords have been compromised or if they are part of public lists used by hackers in brute-force and password-spraying attacks.
The HIBP Pwned Passwords collection currently includes 5,5 billion entries, of which 847 million are unique passwords.
Hunt reported that the NCA found the compromised passwords, combined with email accounts, on a cloud account in the United Kingdom.
"Through the analysis, it became clear that these credentials were an accumulation of infringed sets of known and unknown data." said the NCA in Hunt.
The NCA said it was unable to identify or assign compromised email and password combinations to any particular platform or company.
"The fact that they were placed in the cloud storage facilities of a UK company by strangers means that the credentials are now public and can be used by third parties to commit further fraud or cybercrime," the agency added. justifying her decision to share the data with Hunt.