Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

FBI to Share Compromised Passwords With Have I Been Pwned

FBI to Share Compromised Passwords With Have I Been Pwned

The FBI will soon begin to share compromised passwords with Have I Been Pwned’s ‘Password Pwned’ service that were discovered during law enforcement investigations.

The Have I Been Pwned data breach notification site includes a service called Pwned Passwords that allows users to search for known compromised passwords.

Using this service, a visitor can input a password and see how many times that password has been found in a breach. For example, if we enter the password ‘password,’ the service states that it has been seen 3,861,493 times in data breaches.

Password Pwned search for password
Password Pwned search for ‘password’

Today, Have I Been Pwned creator Troy Hunt announced that the FBI would soon be feeding compromised passwords found during law enforcement investigations into the Pwned Password service.

Also Read: What Does A Data Protection Officer Do? 5 Main Things

By providing this feed, the FBI will allow administrators and users to check for passwords that are known to be used for malicious purposes. Admins can then change the passwords before they are used in credential stuffing attacks and network breaches.

“We are excited to be partnering with HIBP on this important project to protect victims of online credential theft. It is another example of how important public/private partnerships are in the fight against cybercrime,” – Bryan A. Vorndran, Assistant Director, Cyber Division, FBI.

The FBI will share the passwords as SHA-1 and NTLM hash pairs that can then be searched using the service or downloaded as part of Pwned Password’s offline list of passwords.

Password Pwned allows users to download the compromised passwords as lists of SHA-1 or NTLM hashed passwords that can be used offline by Windows administrators to check if they are being used on their network.

You can download these lists with the hashes sorted alphabetically or by their prevalence. For example, the list below shows the NTLM hash ’32ED87BDB5FDC5E9CBA88547376818D4′ being used over 24 million times.

NTLM hashed password list sorted by prevalence
NTLM hashed password list sorted by prevalence

It is not surprising that this NTLM hash is for the password ‘123456‘.

To help facilitate this new partnership, Hunt has made Password Pwned open source via the .NET Foundation and is asking other developers to help create a ‘Password Ingestion’ API.

Also Read: The DNC Registry Singapore: 5 Things You Must Know

The FBI and other law enforcement agencies can use this API to feed compromised passwords into the Password Pwned database.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us