Why Do I Get the Warning "A Data Breach on a Site or App Exposed Your Password" in Chrome?

A Complete Guide to Data Breaches

Download this eBook to learn how to avoid a costly data breach with a comprehensive prevention strategy.

Download Now

If you’re getting this warning message, there’s a high chance that your username, password (or both) were compromised in a data breach. Follow these steps to get your account secure again ASAP.

Step 1: Don’t Click the Warning Link

Cybercriminals commonly use fear-inducing tactics to trick users into handing over their sensitive account details. Ever encountered a rouge “virus alert” pop-up message on a website? Well, that’s likely a scam that will demand payment for removing a virus that was never detected.

Instead of clicking on the warning link, and potentially falling victim to a phishing scam, you should manually check if your password was compromised by visiting your Google Password Manager page and clicking on “Go to Password Checkup.”

You’ll need to be logged in to your Google Account for this to work.

The safest method of accessing your Google Password Manager is by loading your Google account manually (you’ll need to be logged in to your Google Account for this to work).

Open a new browser and search google password manager, then click on this result:

Google Password Manager search result.
Google Password Manager search result.
The web address associated with this result should be passwords.google.com

The password checkup page that loads will reveal all of the saved passwords in your Google Account that have been compromised in a data breach. 

If you see a message saying, “You haven’t saved any passwords in your Google Account yet,” the save password feature is NOT enabled, and the data breach message you received is likely a scam that should be ignored.

Google Password Manager showing no saved passwords.

If you want to geek out on the mechanisms powering Google’s credential compromise detection engine, see this infographic, or read this paper.

Important: Google can only detect compromised passwords if you’ve enabled the credential-saving feature in your Chrome browser. You’ll be able to confirm whether this feature is enabled when you’re on your Google Password Manager page.

Step 2: Change all Compromised Passwords

Click the drop-down in the compromised passwords list and immediately change all of your compromised passwords.

Google password checkup.

When you click on Change Password, you will be sent to the website for that account. You will need to change your password by logging into each listed account. Google Chrome will then prompt you to update the new password.

Google password checkup

Once updated, click the Check Remaining Passwords button to be taken back to your compromised passwords list.

Google password manager password updating.

Repeat this process until you have no more compromised Chrome passwords.

Step 3: Update all Weak and Reused Passwords

While you’re on this page, it’s a good idea to revise all the weak passwords being reused.

Google password checkup showing number of reused passwords

Reusing passwords and using weak passwords puts you at a very high risk of being compromised by hackers.

If your login credentials were involved in a past security breach and you unknowingly reused them, you are at risk of further compromise. Hackers could get access to all of the online services and solutions you use with those credentials, which could include your bank accounts.

Weak passwords can easily be guessed with password-cracking software in brute force attacks.

The following graphic indicates the approximate time required for cybercriminals to crack passwords across varying character combinations and lengths.

Note: These estimates do not factor in account access control to mitigate brute force attacks, such as MFA, timed lockouts, and exponentially increasing wait times. As such, they should only be used as a guide.
Times it takes for hackers to brute force your paswords.
Source: hivesystems.io


A message saying - Is your business at risk of a data breach?


What Steps Can I Take to Secure My Passwords?

Better password protection habits will minimize the impact of password breaches. Follow these best practices to ensure a safe browsing experience.

1. Only Generate Passwords with a Password Management Solution

Theoretically, the longer and more diverse your password is, the harder it is to crack. But if you’re coming up with your own passwords, you’ll likely follow a character pattern to make them memorable, and any pattern can easily be cracked with advanced hacking techniques like brute force attacks.

Should I use an Online Password Generator?

Online password generators are a terrible idea because you still need to store them securely - and no, saving your passwords in a note on your iPhone is not a secure storage option.

Instead, you should use a password management solution.

Password management solutions generate unique complex passwords and store them inside a secure vault that can be accessed from an iOS or Android app or a web browser. These solutions are designed never to generate the same password twice. They’re also super easy to use; whenever you need to access your credentials, simply log into the password manager, copy each concealed credential to your clipboard, and paste them into the login fields.

A great password management solution to consider is 1Password.

1Password logo.

2. Enable Two-Factor Authentication

You may roll your eyes, but two-factor authentication is one of the most effective methods of preventing automated cyberattacks. According to Google, two-factor authentication (also known as 2FA) could block up to 100% of automated bot attacks.

Learn more about 2FA.

Most online solutions (at least the ones worth trusting) have two-factor or even multi-factor authentication capabilities, so make sure you get this beautiful feature enabled!

Learn about the differences between 2FA and MFA.

Though Multi-Factor Authentication is a very effective method for securing your accounts, clever hackers could still circumvent this security control. To increase the efficacy of MFA, implement controls addressing all of the security feature’s potential loopholes.

To protect your business from suffering a data breach, download this free data breach prevention guide.

Ready to see
UpGuard in action?

Ready to save time and streamline your trust management process?