June 20, 2021

The FBI will publish in ‘Have I Been Pwned?’ the ‘hacked’ passwords you discover

HIBP, .NET Foundation and FBI logos.

HIBP, .NET Foundation and FBI logos.

The FBI has reached an agreement with the website that reports on the accounts exposed in data breaches ‘Have I Been Pnewd?’ for which you will post compromised passwords that you discover in your investigations on this site.

This was announced by the cybersecurity researcher and creator of ‘Have I Been Pwned?’, Troy Hunt, that has advanced in its plans to convert the page project into an open source one with external collaborators, as reported in a statement on its personal website.

‘Have I Been Pwned?’ is a web page in which any user can enter an email address manually to check its database if any of its associated Internet accounts has been the victim of a security breach, informing about what data is exposed and when it is produced the violation.

As part of your investigations, exposed user credentials and passwords discovered by the FBI they will be published in ‘Have I Been Pwned?’, and the agency will provide them in a document encrypted using the SHA-1 and NTLM ‘hashing’ protocols, or in plain text.

Data collected by the FBI will be incorporated directly into the database of the cybersecurity website, as they are discovered in their investigations, with a faster route than before to add the compromised information.

This collaboration will require that both the web and the FBI create code together, which will mean the first incorporation of Open Source to ‘Have I Been Pwned?’.

In line with this announcement, Troy Hunt’s page has also reached an agreement with .NET Foundation, a charitable and open ecosystem support foundation that will offer its support to help the migration from the private web to a public domain project.

Hunt has explained that his website is a suitable project for migration to open source because it is a simple code based on Microsoft’s Azure storage systems and Cloudfare, it has no commercial uses in that section and the information on the page is already available. to download at encrypted ‘hash’ format.


Source link