Compromised cloud server exposes over 500B credential sets

The FBI and the U.K.’s National Crime Agency are updating the Have I Been Pwned website of compromised passwords after nearly 586 million credential sets were allegedly collected from an exposed cloud storage facility, which left them available for access by threat actors, according to Threatpost. Moreover, 226 million of the discovered credentials have been found to be new to the Have I Been Pwned website, a resource created by Microsoft Regional Director Troy Hunt, who the NCA had enlisted to investigate the exposed credentials. “Through analysis, it became clear that these credentials were an accumulation of breached datasets known and unknown. The fact that they had been placed on a U.K. business’s cloud storage facility by unknown criminal actors meant the credentials now existed in the public domain, and could be accessed by other third parties to commit further fraud or cyber-offenses,“ said the NCA. Meanwhile, Veridium Chief Operating Officer Baber Amin expressed surprise and concern over the absence of more than 200 million of the exposed passwords in HIBP. “It points to the sheer size of the problem, the problem being passwords, an archaic method of proving one’s bonafides,“ said Amin.