This is a non-IMPACT record, meaning that access to the data is not controlled by IMPACT. For access, see the directions below.

This Resource is offered and provided outside of the IMPACT mediation framework. IMPACT and the IMPACT Coordination Council/Blackfire Technology, Inc. expressly disclaim all conditions, representations and warranties including but not limited to Resource availability, quality, accuracy, non-infringement, and non-interference. All Resource information and access is controlled by entities and under terms that are external to the IMPACT legal framework.


Pwned Passwords List
External Dataset
External Data Source
52 (lowest rank is 52)

Category & Restrictions

cyber crime, password security, cyber defense


Pwned Passwords are 555,278,657 real world passwords previously exposed in data breaches. This exposure makes them unsuitable for ongoing use as they're at much greater risk of being used to take over other accounts.

The entire set of passwords is downloadable with each password being represented as either a SHA-1 or an NTLM hash to protect the original value (some passwords contain personally identifiable information) followed by a count of how many times that password had been seen in the source data breaches. The list may be integrated into other systems and used to verify whether a password has previously appeared in a data breach after which a system may warn the user or even block the password outright.

Additional Details

passwords, pwned, list, 1299, pwned passwords list, source, inferlink, external, external data source, inferlink corporation, corporation, breaches, real, exposed, 657, 555, exposure, unsuitable, ongoing, 278, risk, accounts, password, represented, ntlm, system, warn, sha, personally, user, hash, count, original, breach, protect, block, downloadable, verify, identifiable, systems, appeared, times, integrated, entire, outright, other