On April 17th, the HaveIBeenPwned.com team added 255,285 hashes to the HIBP database, and these have now been added to Netwrix’s repository.
Stefán Jökull Sigurðarson posted the update on X and we retrieved it shortly after.
Over 250.000 new passwords are now searchable in the @haveibeenpwned Pwned Passwords API. This data was provided by law enforcement as part of Operation NOVA, an effort to disrupt the LabHost phishing platform. The data also updated counts for over 80.000 existing passwords.
— Stefán Jökull Sigurðarson (@stebets) April 18, 2025
This update comes from credentials seized by the RCMP’s Project Nova on April 14th, when they raided 10 residences and seized data related to the LabHost phishing-as-a-service site, which was taken down roughly 1 year ago.
Although the service was taken down a year ago and its founder has already been sentenced to jail time, individuals involved were seemingly still operating and exploiting stolen credentials. This takedown shows how the link between law enforcement and HIBP makes it the best and freshest source of breached passwords.
With strong password policies in PPE (like our built-in dictionary), checking weak passwords against a breach database is mostly fruitless. However, the ability to check against recent good, strong passwords from takedowns like this is highly valuable. The gap this fills is catching strong passwords that good policies would otherwise accept but that users have reused (a common occurrence according to Cloudflare’s data) and that were breached on other sites. Blocking them is key to both security and compliance.
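To make that gap concrete, here is an added example (not Netwrix or HIBP code) in which a password passes a complexity policy and is then rejected because its hash appears in breach data. It assumes SHA-1 hashes and the Pwned Passwords range format (5-character prefix lookup, `SUFFIX:COUNT` lines); the policy, the `fetch_range` callable and the sample corpus are hypothetical and constructed for illustration.

```python
import hashlib
import re

def sha1_hex(password):
    # Assumption: the breach data is keyed by uppercase hex SHA-1 of the password.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def passes_policy(password):
    # Hypothetical complexity policy, standing in for a real rule set.
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    return len(password) >= 12 and all(re.search(c, password) for c in classes)

def parse_range(body):
    # Each line is "<35-hex-char suffix>:<count>"; zero-count padding lines are ignored.
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit() and int(count) > 0:
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password, fetch_range):
    # Only the 5-character prefix is handed to fetch_range; the suffix is matched locally.
    digest = sha1_hex(password)
    return parse_range(fetch_range(digest[:5])).get(digest[5:], 0)

def evaluate(password, fetch_range):
    if not passes_policy(password):
        return "rejected: policy"
    seen = breach_count(password, fetch_range)
    return f"rejected: breached ({seen})" if seen else "accepted"

# Constructed sample data: a tiny stand-in for a breach corpus, not real HIBP content.
CONSTRUCTED_CORPUS = {"Maple-Harbor-2024!": 17, "password": 9000000}

def local_fetch_range(prefix):
    # Offline stand-in for the range lookup, with one zero-count padding line appended.
    lines = [f"{sha1_hex(p)[5:]}:{n}" for p, n in CONSTRUCTED_CORPUS.items()
             if sha1_hex(p).startswith(prefix)]
    lines.append("0" * 35 + ":0")
    return "\r\n".join(lines)

if __name__ == "__main__":
    for candidate in ["password", "Maple-Harbor-2024!", "Quartz-Lantern-8841#"]:
        print(candidate, "->", evaluate(candidate, local_fetch_range))
```

The weak password never reaches the breach lookup because the policy stops it first; the breach check only changes the outcome for the strong but reused one.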