Google Chrome Extension Finds Thousands of Hacked Passwords Still in Use

In a study released Thursday, Google found that 1.5% of sign-ins by 650,000 people, as scanned by its Password Checkup Chrome extension, were unsafe, meaning that those usernames and passwords had already been exposed in third-party breaches.
Sputnik

"Hijackers routinely attempt to sign in to sites across the web with every credential exposed by a third-party breach," Jennifer Pullman, a software engineer for Google, is quoted as saying by multiple sources. "If you use strong, unique passwords for all your accounts, this risk disappears."

In February, Google released its Password Checkup extension to keep online accounts safe from hacking. Google is aware of more than 4 billion username and password combinations that are unsafe due to third-party data breaches.

“Wherever you sign-in, if you enter a username and password that is no longer safe due to appearing in a data breach known to Google, you’ll receive an alert. Please reset your password. If you use the same username and password for any other accounts, please reset your password there as well,” Google says in a description of the extension on the Chrome Web Store.

“In the first month alone, we scanned 21 million usernames and passwords and flagged over 316,000 as unsafe - 1.5% of sign-ins scanned by the extension,” Google concluded in a blog post Thursday. Google’s research also found that 81,368 accounts, roughly 26% of users, ended up ignoring recommendations to reset passwords flagged by the extension as unsafe. 

In addition, entertainment sites had the highest percentage of breached passwords at 6.3%, while pornography sites followed closely behind at 3.6%. Financial and government websites were much less likely to have breached passwords, at 0.3% and 0.2%, respectively.

“Even better, 60% of new passwords are secure against guessing attacks — meaning it would take an attacker over a hundred million guesses before identifying the new password,” Google added. “Our study illustrates how secure, democratized access to password breach alerting can help mitigate one dimension of account hijacking.”
