The UK's National Crime Agency has shared more than 585 million compromised passwords it found during duration of research with Have I Been Pwned, a site that indexes data from security breaches.
The NCA is the second law enforcement agency to officially supply HIBP with leaked passwords after the US Federal Bureau of Investigation launched a similar partnership with page in May.
In a blog post today, Mr Troy Hunt, the creator of HIBP reported that 225 million of the compromised passwords found by the NCA were new and unique.
These passwords have been added to a section of the HIBP website called Pwned Passwords. This section allows companies and system administrators to check and see if their current passwords have been compromised in hacks or if they are part of public lists used by hackers in attacks brute-force and password-spraying.
The HIBP Pwned Passwords collection currently includes 5,5 billion entries, of which 847 million are unique passwords.
Hunt reported that the NCA found the compromised passwords, combined with email accounts, on a cloud account in the United Kingdom.
"Through the analysiss, it became clear that these credentials were an accumulation of compromised datasets known and unknown,” said the NCA in Hunt.
The NCA said it was unable to identify or assign compromised email and password combinations to any particular platform or company.
"The fact that they were placed in the cloud storage facilities of a UK company by strangers means that the credentials are now public and can be used by third parties to commit further fraud or cybercrime," the agency added. justifying her decision to share the data with Hunt.