When the FBI finds leaked login information, it will be included in the database used by the website Have I Been Pwned.
The website makes it possible to search for email addresses and telephone numbers to see if login information has been leaked on the internet.
Have I Been Pwned, or just short HIBP, was released by Troy Hunt and is completely built on open source. The website has several collaborations with various security companies.
Provides Have I Been Pwned with more login information
Last in line to cooperate with Have I Been Pwned is the US Federal Bureau of Investigation (FBI).
”We are excited to be partnering with HIBP on this important project to protect victims of online credential theft. It’s another example of how important public / private partnerships are in the fight against cybercrime. ”- Bryan A. Vorndran, FBI Chief of Staff for IT-Related Crimes
In a press release, the FBI says that they will cooperate with the website to give them access to more leaked login information.
The goal is for more people to find leaked information faster so that passwords can be changed more quickly. All login information is hashed with SHA-1 before being given to Have I Been Pwned.
No information is thus stored in plain text.
The amount of information varies greatly
The amount of information that Troy Hunt will receive on his website depends entirely on the work of the FBI.
”The passwords will be provided in SHA-1 and NTLM hash pairs which aligns perfectly to the current storage constructs in Pwned Passwords (I do not need them in plain text). They’ll be fed into the system as they’re made available by the bureau and obviously that’s both a cadence and a volume which will fluctuate depending on the nature of the investigations they’re involved in “- Troy Hunt, founder of Have I Been Pwnd