This list (which you can read in full here) shows the top 100,000 passwords that have been involved in global cyber breaches. We released this in collaboration with international web security expert Troy Hunt, as part of the Have I Been Pwned dataset. His website allows people to check if they have an account that has been compromised in a data breach.

If any of your passwords have appeared on this list, you should change them immediately – read more about why in Dan U’s recent blog post.

If you want to learn more about some simple steps you can take to improve your online security, look at our top tips for staying secure online.

The NCSC website also provides password guidance for system owners.


Customer data could have been lifted from online fitness and bodybuilding store, described as the internet’s biggest online store and forum for gym enthusiasts, has disclosed information of a cyber incident following unauthorised access to its systems which they became aware of in February.

In a statement on its website, it’s claimed hackers gained entry to the network a via phishing email sent in July last year. Details including customer names, email addresses, billing/shipping addresses, phone numbers and order history could have been accessed. But says there’s no evidence to suggest the data has been misused.

The company is encouraging all users to reset passwords and will be automatically resetting passwords for those who don’t reset themselves by 12th June.

Guidance on how to deal with phishing emails is available on the NCSC website as well as tips to help secure yourself online.

You can also check if your credentials have been stolen in a major data breach on