Blog
Why Do I Get the Warning "A Data Breach on a Site or App Exposed Your Password" in Chrome?

Why Do I Get the Warning "A Data Breach on a Site or App Exposed Your Password" in Chrome?

Edward Kost
Edward Kost
updated May 11, 2022

If you’re getting this warning message, there’s a high chance that your username, password (or both) were compromised in a data breach. Follow these steps to get your account secure again ASAP.

google data breach warning

Step 1: Don’t Click the Warning Link

Cybercriminals commonly use fear-inducing tactics to trick users into handing over their sensitive account details. Ever encountered a “virus alert” pop-up message? Well, that’s likely a scam that will demand payment for removing a virus that was never detected.

So to prevent yourself from falling victim to an advanced phishing scam, don’t click on the warning link!

Step 2: Confirm the Data Breach Warning is Real

Instead of clicking on the warning link, you should manually check if your password was compromised by visiting your Google Password Manager page and clicking on “Go to Password Checkup.”

You’ll need to be logged in to your Google Account for this to work.

The password checkup page will reveal all of the saved passwords in your Google Account that have been compromised in a data breach. This compromise detection technology was initially introduced as a password checkup extension in Chrome, but now, it’s implemented in your Google account. You can opt out of this feature by heading to Chrome Settings under Sync and Google Services.

If you want to geek out on the mechanisms powering Google’s credential compromise detection engine, see this infographic, or read this paper.

google password checkup

Important: Google can only detect compromised passwords if you’ve enabled the credential saving feature in your Chrome browser. You’ll be able to confirm whether this feature is enabled when you’re on your Google Password Manager page.

If you see a message saying “you haven’t saved any passwords in your Google Account yet,” the save password feature is NOT enabled, and the data breach message you received is likely a scam that should be ignored.

Google password manager

Step 3: Change all Compromised Passwords

Click the drop-down in the compromised passwords list and immediately change all of your compromised passwords.

password checkup google

When you click on Change Password, you will be sent to the website for that account. You will need to change your password by logging into each listed account. Google Chrome will then prompt you to update the new password.

password checkup Google chrome

Once updated, click the Check Remaining Passwords button to be taken back to your compromised passwords list.

google chrome check passwords

Repeat this process until you have no more compromised Chrome passwords.

Step 4: Update all Weak and Reused Passwords

While you’re on this page, it’s a good idea to revise all the weak passwords being reused.

google chrome reused passwords

Reusing passwords and using weak passwords puts you at a very high risk of being compromised by hackers.

If your login credentials were involved in a past security breach and you unknowingly reused them, you are at risk of further compromise. Hackers could get access to all of the online services and solutions you use with those credentials, which could include your bank accounts.

Weak passwords can easily be guessed with password-cracking software in brute force attacks.

The following graphic indicates the approximate time required for cybercriminals to crack passwords across varying character combinations and lengths.

average time to hack passwords of varying lengths

Source: hivesystems.io

If you want to check how long it will take for criminals to crack your password, plug it into this free password strength checker.

website password strength check

What Steps Can I Take to Secure My Passwords?

Better password protection habits will minimize the impact of password breaches. Follow these best practices to ensure a safe browsing experience.

1. Only Use Strong Passwords (and Never Recycle Them)

According to the graphic above, your password should be at least 12 characters long and consist of numbers and multi-cased letters to achieve the minimum recommended degree of resistance to password cracking attempts.

This criterion is very difficult to meet if you self-design your passwords, especially if you’re also expected never to recycle your passwords - you only have a limited number of pet names, friends, and memorable anniversaries to choose from!

Should I use an Online Password Generator?

Online password generators are a terrible idea because you still need to store them securely - and no, saving your passwords in a note on your iPhone is not a secure storage option.

Instead, you should use a password management solution.

Password management solutions generate unique complex passwords and store them inside a secure vault that can be accessed from an iOS or Android app or a web browser. These solutions are designed never to generate the same password twice. They’re also super easy to use; whenever you need to access your credentials, simply log into the password manager, copy each concealed credential to your clipboard, and paste them into the login fields.

A great password management solution to consider is 1Password.

1password logo

2. Enable Two-Factor Authentication

You may roll your eyes, but two-factor authentication is one of the most effective methods of preventing automated cyberattacks. According to Google, two-factor authentication (also known as 2FA) could block up to 100% of automated bot attacks.

With stats like that, it’s worth enduring a slight login delay.

Most online solutions (at least the ones worth trusting) have two-factor or even multi-factor authentication capabilities, so make sure you get this beautiful feature enabled!

Final Thoughts

Improving your password security habits is one of the best and easiest strategies for protecting your personal and financial information.

The total effort should take less time than it takes to crack a 13-character numbered password.

Free

UpGuard logo in white
UpGuard free resources available for download
Learn more

Download our free ebooks and whitepapers

Insights on cybersecurity and vendor risk management.
UpGuard logo in white
eBooks, Reports & Whitepapers
UpGuard free resources available for download
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

See UpGuard In Action

Book a free, personalized onboarding call with one of our cybersecurity experts.
Abstract shapeAbstract shape

Related posts

Learn more about the latest issues in cybersecurity.
Deliver icon

Sign up to our newsletter

Get the latest curated cybersecurity news, breaches, events and updates in your inbox every week.
Abstract shapeAbstract shape
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Website Security scan resultsWebsite Security scan ratingAbstract shape