Blog
Your Password Was Exposed in a Non-Google Data Breach: How to Respond

Your Password Was Exposed in a Non-Google Data Breach: How to Respond

Catherine Chipeta
Catherine Chipeta
updated Jun 17, 2022

If you’re a Google Chrome user, you may have received the pop-up alert “Your password was exposed in a non-Google data breach” in your web browser. The alert informs users of any recent security breaches which may have compromised their account passwords.

Read on to learn more about what this alert means for your data security and the appropriate steps to secure your personal data.

What is a Data Breach?

A data breach is a high-risk security incident where sensitive data is compromised by an unauthorized individual. The hacker could exploit this data by accessing, copying, transmitting, viewing, or stealing it.

Data breaches commonly involve the exposure of valuable sensitive information, including:

Cybercriminals can also discover and exploit existing data leaks and cloud leaks to cause data breaches. 

Learn about the differences between data breaches and data leaks.

How to Use Password Checkup

There are three ways to access Password Checkup in your Google Account. 

  1. You receive a warning message from Chrome. When you enter unsafe credentials into a website, Chrome will alert you that your username and password have been compromised in a third-party data breach. 
  2. You can access Password Checkup directly here.
  3. You can access Password Checkup via Password Manager here > Click ‘Go to Password Checkup.’
Google Chrome Password Checkup

Once you’re in Password Checkup:

Click the ‘Check Passwords’ button on the Password Checkup page.

Google recommends users update their passwords if:

  1. The password has been exposed in a data breach
  2. The password is considered weak
  3. The password is used across multiple accounts

Google will display the following messages if any of the three issues listed above are found:

  • “X compromised passwords” 
  • “X reused passwords” 
  • “X accounts using a weak password”

How Do Data Breaches Happen?

Data breaches can occur in a number of different ways – either intentionally or accidentally. There are 8 main causes of a data breach:

1. Exploiting System Vulnerabilities

2. SQL Injection (SQLI)

3. Spyware

4. Phishing

5. Insecure Passwords

6. Broken or Misconfigured Access Controls

7. Physical Theft

8. Third-Party Vendor Breaches

How Can I Use Chrome to Check If My Password Was Breached?

First introduced as a Chrome extension in February 2019, Chrome’s Password Checkup checks your username and password against over 4 billion credentials that Google has recognized as unsafe. Similar to haveibeenpwned.com, Google identifies Gmail accounts affected by third-party data breaches and accounts where users are re-using their Gmail passwords, to prevent further compromise.

Google released this feature as part of its broader defense in depth strategy that aims to prevent, detect, and mitigate account hijacking caused by third-party data breaches. 

You’ll need to access Password Checkup to check if your login credentials are unsafe and take further action.

Password Checkup Error Alerts

What Should I Do If My Password Has Been in a Data Breach?

If your password has been exposed in a data breach, you should immediately change the password on all affected accounts. Data breaches often occur as a means of obtaining sensitive information to commit further cybercrimes, such as identity theft or fraud. 

Many countries now have data breach notification laws, which means organizations must inform their customers and immediately resolve breaches. Google’s Password Checkup feature ensures you have additional notification of any data breaches which affect your email account. 

How to Change Your Passwords in Password Checkup

To change your password in Password Checkup:

  • Click the “Check passwords” button.
  • Click the “Change password” button in Password Checkup next to each of the alerts, e.g., “Some of your saved passwords were exposed in a non-Google data breach. You should change them now.” 

  • Navigate to the site where the breached password is used. Change your password on the website. An “Update password?” pop-up will appear to save your new password in Chrome. Another pop-up will appear with a “Change remaining passwords?” button.
  • Click the button to navigate back to Password Manager. You can now repeat the process with the remaining unsafe passwords or exit and resume later by returning to the page.

How to Protect Yourself From Data Breaches

As data breaches are extremely costly to organizations, they are beginning to invest more heavily in data breach prevention mechanisms, such as:

While these techniques help minimize the occurrence of data breaches, they do not entirely prevent them. Smaller-scale data breaches can still occur due to user error.

Individuals should take proactive action to protect themselves against potential entry points for data breaches. 

Common data breach mitigation strategies include:

Secure Your Internet Connection

Hackers can use specialized tools and techniques to intercept internet traffic – this is especially easy to do over public wi-fi networks. Securing your internet connection provides an added layer of protection when sharing sensitive information over the web, which helps prevent data breaches caused by accidentally exposed data.

Only use HTTPS sites. HTTP sites run on unsecured connections, which means hackers can eavesdrop on all incoming and outgoing traffic. For example, if you make a payment transaction on an HTTP site, a cybercriminal could steal your credit card details effortlessly. You should only browse HTTPS sites, which require SSL certification, enabling encrypted connections and greater data security.

Learn more about HTTPS.

Use a Virtual Private Network (VPN). A VPN adds an extra layer of protection for internet users by encrypting all sent and received data. VPNs also conceal users’ IP addresses, further anonymizing all incoming and outgoing traffic. 

Learn more about VPNs.

Use Unique Passwords

Using the same password across multiple accounts has a domino effect in a data breach. If your username and password are compromised via one website, they are also compromised anywhere else that uses the same credentials. Setting different passwords across all your accounts ensures that any security issues will likely remain contained to the first compromised account.  

Learn more about how to create a secure password.

Turn on Additional Authentication

Many online account services now offer two-factor authentication (2FA) and multi-factor authentication (MFA). They offer extra security by requiring two or more types of authentication before allowing users access to their accounts. 

Learn more about two-factor authentication.

Educate Yourself

Gaining awareness of common tactics used to compromise is the first line of defense against accidentally exposing your personal information. You can learn about popular attack vectors, like email phishing scams and malware-infected pop-ups, through online tutorials.

Learn more about how to recognize phishing scams.

Well-Known Examples of Data Breaches

Microsoft Logo

Microsoft

In January 2021, Microsoft Exchange’s email servers were involved in one of the US’ most significant cyberattacks to date. More than 60,000 companies were affected worldwide, 30,000 of which were based in the US. The attackers were able to gain unauthorized access to emails containing sensitive data by exploiting four zero-day vulnerabilities. The email accounts were connected to a range of organizations, including small businesses and local governments. The software flaw allowed the hackers to remain active in the vulnerable systems for three months. 

LinkedIn Logo

Linkedin

In April 2021, hackers performed an illegal data scrape of LinkedIn’s user base, revealing the personal details of over 700 million users. This exposure enabled additional cybercriminals to take advantage of the breached data. One threat actor reportedly tried selling a set of LinkedIn data on a public forum for $7000 in Bitcoin. 

Yahoo Logo

Yahoo 

Between 2013 and 2016, Yahoo was hit by several cyber attacks. A team of Russian hackers exploited Yahoo’s database, stealing records containing personal information from about 3 billion user accounts in total. Yahoo’s delayed reaction to the attack and failure to disclose one of the security incidents to its users resulted in a $35 million fine and 41 class-action lawsuits. 

Equifax Logo

Equifax

In September 2017, primary credit reporting agency Equifax reported a significant data breach that compromised the publicly identifiable information (PII) of 148 million US citizens. The breach exposed its victims to financially-motivated crimes, including identity theft and fraud. Equifax eventually faced penalties to the tune of $575 million to be paid to numerous authorities, states and territories due to their poor network security.

Free

UpGuard logo in white
UpGuard free resources available for download
Learn more

Download our free ebooks and whitepapers

Insights on cybersecurity and vendor risk management.
UpGuard logo in white
eBooks, Reports & Whitepapers
UpGuard free resources available for download
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

See UpGuard In Action

Book a free, personalized onboarding call with one of our cybersecurity experts.
Abstract shapeAbstract shape

Related posts

Learn more about the latest issues in cybersecurity.
Deliver icon

Sign up to our newsletter

Get the latest curated cybersecurity news, breaches, events and updates in your inbox every week.
Abstract shapeAbstract shape
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Website Security scan resultsWebsite Security scan ratingAbstract shape