Why Do I Get the Warning "A Data Breach on a Site or App Exposed Your Password" in Chrome?

If you’re getting this warning message, there’s a high chance that your username, password (or both) were compromised in a data breach. Follow these steps to get your account secure again ASAP.

google data breach warning

Step 1: Don’t Click the Warning Link

Cybercriminals commonly use fear-inducing tactics to trick users into handing over their sensitive account details. Ever encountered a “virus alert” pop-up message? Well, that’s likely a scam that will demand payment for removing a virus that was never detected.

So to prevent yourself from falling victim to an advanced phishing scam, don’t click on the warning link!

Step 2: Confirm the Data Breach Warning is Real

Important: Google can only detect compromised passwords if you’ve enabled the credential saving feature in your Chrome browser. You’ll be able to confirm whether this feature is enabled when you’re on your Google Password Manager page (you’ll need to be logged in to your Google Account for this to work).

If you see a message saying “you haven’t saved any passwords in your Google Account yet,” the save password feature is NOT enabled, and the data breach message you received is likely a scam that should be ignored.

Google password manager

If you have enabled the credential saving feature, follow this process:

In the Google Password Manager page, click on “Go to Password Checkup.”

The password checkup page will reveal all of the saved passwords in your Google Account that have been compromised in a data breach. This compromise detection technology was initially introduced as a password checkup extension in Chrome, but now, it’s implemented in your Google account. You can opt out of this feature by heading to Chrome Settings under Sync and Google Services.

If you want to geek out on the mechanisms powering Google’s credential compromise detection engine, see this infographic, or read this paper.

google password checkup

Step 3: Change all Compromised Passwords

Click the drop-down in the compromised passwords list and immediately change all of your compromised passwords.

password checkup google

When you click on Change Password, you will be sent to the website for that account. You will need to change your password by logging into each listed account. Google Chrome will then prompt you to update the new password.

password checkup Google chrome

Once updated, click the Check Remaining Passwords button to be taken back to your compromised passwords list.

google chrome check passwords

Repeat this process until you have no more compromised Chrome passwords.

Step 4: Update all Weak and Reused Passwords

While you’re on this page, it’s a good idea to revise all the weak passwords being reused.

google chrome reused passwords

Reusing passwords and using weak passwords puts you at a very high risk of being compromised by hackers.

If your login credentials were involved in a past security breach and you unknowingly reused them, you are at risk of further compromise. Hackers could get access to all of the online services and solutions you use with those credentials, which could include your bank accounts.

Weak passwords can easily be guessed with password-cracking software in brute force attacks.

The following graphic indicates the approximate time required for cybercriminals to crack passwords across varying character combinations and lengths.

average time to hack passwords of varying lengths
Source: hivesystems.io

If you want to check how long it will take for criminals to crack your password, plug it into this free password strength checker.

website password strength check

What Steps Can I Take to Secure My Passwords?

Better password protection habits will minimize the impact of password breaches. Follow these best practices to ensure a safe browsing experience.

1. Only Use Strong Passwords (and Never Recycle Them)

According to the graphic above, your password should be at least 12 characters long and consist of numbers and multi-cased letters to achieve the minimum recommended degree of resistance to password cracking attempts.

This criterion is very difficult to meet if you self-design your passwords, especially if you’re also expected never to recycle your passwords - you only have a limited number of pet names, friends, and memorable anniversaries to choose from!

Should I use an Online Password Generator?

Online password generators are a terrible idea because you still need to store them securely - and no, saving your passwords in a note on your iPhone is not a secure storage option.

Instead, you should use a password management solution.

Password management solutions generate unique complex passwords and store them inside a secure vault that can be accessed from an iOS or Android app or a web browser. These solutions are designed never to generate the same password twice. They’re also super easy to use; whenever you need to access your credentials, simply log into the password manager, copy each concealed credential to your clipboard, and paste them into the login fields.

A great password management solution to consider is 1Password.

1password logo

2. Enable Two-Factor Authentication

You may roll your eyes, but two-factor authentication is one of the most effective methods of preventing automated cyberattacks. According to Google, two-factor authentication (also known as 2FA) could block up to 100% of automated bot attacks.

With stats like that, it’s worth enduring a slight login delay.

Most online solutions (at least the ones worth trusting) have two-factor or even multi-factor authentication capabilities, so make sure you get this beautiful feature enabled!

Final Thoughts

Improving your password security habits is one of the best and easiest strategies for protecting your personal and financial information.

The total effort should take less time than it takes to crack a 13-character numbered password.

Get a free evaluation of your organization's data breach risk, click here to request your instant security score now!.

Ready to see
UpGuard in action?