Your Password Was Exposed in a Non-Google Data Breach: How to Respond

If you’re a Google Chrome user, you may have received the pop-up alert “Your password was exposed in a non-Google data breach” in your web browser. The alert informs users of any recent security breaches which may have compromised their account passwords.

Read on to learn more about what this alert means for your data security and the appropriate steps to secure your personal data.

What is a Data Breach?

A data breach is a high-risk security incident where sensitive data is compromised by an unauthorized individual. The hacker could exploit this data by accessing, copying, transmitting, viewing, or stealing it.

Data breaches commonly involve the exposure of valuable sensitive information, including:

Cybercriminals can also discover and exploit existing data leaks and cloud leaks to cause data breaches.


How to Use Password Checkup

There are three ways to access Password Checkup in your Google Account.

  1. You receive a warning message from Chrome. When you enter unsafe credentials into a website, Chrome will alert you that your username and password have been compromised in a third-party data breach.
  2. You can access Password Checkup directly here.
  3. You can access Password Checkup via Password Manager here, then click ‘Go to Password Checkup.’

Once you’re in Password Checkup:

Click the ‘Check Passwords’ button on the Password Checkup page.

Google recommends users update their passwords if:

  1. The password has been exposed in a data breach
  2. The password is considered weak
  3. The password is used across multiple accounts

Google will display the following messages if any of the three issues listed above are found:

  • “X compromised passwords”
  • “X reused passwords”
  • “X accounts using a weak password”
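
The three criteria above can be applied to any list of saved logins. The following is an added example, not Google's code and not part of the original article: a local audit over constructed data that produces the same three summary messages. The breach corpus, the weak-password rule (under 12 characters or fewer than 3 character classes), the password-only matching and all account data are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

def sha1_hex(password: str) -> str:
    """Hash used only as a lookup key into the breach corpus, not for storage."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

# Constructed stand-in for a breach corpus: hashes of passwords assumed leaked.
BREACHED_HASHES = {sha1_hex(p) for p in ("password123", "Summer2021!", "qwerty")}

# Constructed saved logins: (site, username, password).
SAVED_LOGINS = [
    ("shop.example", "alice", "Summer2021!"),
    ("mail.example", "alice", "Summer2021!"),
    ("bank.example", "alice", "c0rrect-Horse-battery-7"),
    ("forum.example", "alice2", "qwerty"),
    ("wiki.example", "alice", "Tr4il-mix-Lantern-52"),
]

def is_weak(password: str) -> bool:
    """Assumed rule: under 12 characters, or fewer than 3 character classes."""
    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])
    return len(password) < 12 or classes < 3

def audit(logins, breached_hashes):
    """Return the sites that fall under each of the three criteria."""
    by_password = defaultdict(list)
    for site, _user, password in logins:
        by_password[sha1_hex(password)].append(site)
    compromised = [s for s, _u, p in logins if sha1_hex(p) in breached_hashes]
    # A password is "reused" when more than one saved login shares it.
    reused = [s for sites in by_password.values() if len(sites) > 1 for s in sites]
    weak = [s for s, _u, p in logins if is_weak(p)]
    return {"compromised": compromised, "reused": reused, "weak": weak}

def summary(result):
    """Format the counts in the wording of the three messages listed above."""
    return [
        f"{len(result['compromised'])} compromised passwords",
        f"{len(result['reused'])} reused passwords",
        f"{len(result['weak'])} accounts using a weak password",
    ]

if __name__ == "__main__":
    for line in summary(audit(SAVED_LOGINS, BREACHED_HASHES)):
        print(line)
```

One login can land in more than one category: the reused password in the constructed data is also breached and weak, which is why a single change can clear several alerts at once.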

How Do Data Breaches Happen?

Data breaches can occur in a number of different ways – either intentionally or accidentally. There are 8 main causes of a data breach:

1. Exploiting System Vulnerabilities

2. SQL Injection (SQLI)

3. Spyware

4. Phishing

5. Insecure Passwords

6. Broken or Misconfigured Access Controls

7. Physical Theft

8. Third-Party Vendor Breaches

How Can I Use Chrome to Check If My Password Was Breached?

First introduced as a Chrome extension in February 2019, Chrome’s Password Checkup checks your username and password against over 4 billion credentials that Google has recognized as unsafe. Similar to haveibeenpwned.com, Google identifies Gmail accounts affected by third-party data breaches and accounts where users are re-using their Gmail passwords, to prevent further compromise.

Google released this feature as part of its broader defense in depth strategy that aims to prevent, detect, and mitigate account hijacking caused by third-party data breaches.

You’ll need to access Password Checkup to check if your login credentials are unsafe and take further action.

Password Checkup Error Alerts

What Should I Do If My Password Has Been in a Data Breach?

If your password has been exposed in a data breach, you should immediately change the password on all affected accounts. Data breaches often occur as a means of obtaining sensitive information to commit further cybercrimes, such as identity theft or fraud.

Many countries now have data breach notification laws, which means organizations must inform their customers and immediately resolve breaches. Google’s Password Checkup feature ensures you have additional notification of any data breaches which affect your email account.

How to Change Your Passwords in Password Checkup

To change your password in Password Checkup:

  • Click the “Check passwords” button.
  • Click the “Change password” button in Password Checkup next to each of the alerts, e.g., “Some of your saved passwords were exposed in a non-Google data breach. You should change them now.”
  • Navigate to the site where the breached password is used. Change your password on the website. An “Update password?” pop-up will appear to save your new password in Chrome. Another pop-up will appear with a “Change remaining passwords?” button.
  • Click the button to navigate back to Password Manager. You can now repeat the process with the remaining unsafe passwords or exit and resume later by returning to the page.

How to Protect Yourself From Data Breaches

As data breaches are extremely costly to organizations, they are beginning to invest more heavily in data breach prevention mechanisms, such as:

While these techniques help minimize the occurrence of data breaches, they do not entirely prevent them. Smaller-scale data breaches can still occur due to user error.

Individuals should take proactive action to protect themselves against potential entry points for data breaches.

Common data breach mitigation strategies include:

Secure Your Internet Connection

Hackers can use specialized tools and techniques to intercept internet traffic – this is especially easy to do over public wi-fi networks. Securing your internet connection provides an added layer of protection when sharing sensitive information over the web, which helps prevent data breaches caused by accidentally exposed data.

Only use HTTPS sites. HTTP sites run on unsecured connections, which means hackers can eavesdrop on all incoming and outgoing traffic. For example, if you make a payment transaction on an HTTP site, a cybercriminal could steal your credit card details effortlessly. You should only browse HTTPS sites, which use an SSL/TLS certificate to enable encrypted connections and greater data security.


Use a Virtual Private Network (VPN). A VPN adds an extra layer of protection for internet users by encrypting all sent and received data. VPNs also conceal users’ IP addresses, further anonymizing all incoming and outgoing traffic.


Use Unique Passwords

Using the same password across multiple accounts has a domino effect in a data breach. If your username and password are compromised via one website, they are also compromised anywhere else that uses the same credentials. Setting different passwords across all your accounts ensures that any security issues will likely remain contained to the first compromised account.


Turn on Additional Authentication

Many online account services now offer two-factor authentication (2FA) and multi-factor authentication (MFA). They offer extra security by requiring two or more types of authentication before allowing users access to their accounts.

Educate Yourself

Gaining awareness of the common tactics attackers use is the first line of defense against accidentally exposing your personal information. You can learn about popular attack vectors, like email phishing scams and malware-infected pop-ups, through online tutorials.


Well-Known Examples of Data Breaches

Microsoft

In January 2021, Microsoft Exchange’s email servers were involved in one of the US’s most significant cyberattacks to date. More than 60,000 companies were affected worldwide, 30,000 of which were based in the US. The attackers were able to gain unauthorized access to emails containing sensitive data by exploiting four zero-day vulnerabilities. The email accounts were connected to a range of organizations, including small businesses and local governments. The software flaw allowed the hackers to remain active in the vulnerable systems for three months.

LinkedIn

In April 2021, hackers performed an illegal data scrape of LinkedIn’s user base, revealing the personal details of over 700 million users. This exposure enabled additional cybercriminals to take advantage of the breached data. One threat actor reportedly tried selling a set of LinkedIn data on a public forum for $7000 in Bitcoin.

Yahoo

Between 2013 and 2016, Yahoo was hit by several cyber attacks. A team of Russian hackers exploited Yahoo’s database, stealing records containing personal information from about 3 billion user accounts in total. Yahoo’s delayed reaction to the attack and failure to disclose one of the security incidents to its users resulted in a $35 million fine and 41 class-action lawsuits.

Equifax

In September 2017, Equifax’s primary credit reporting agency reported a significant data breach that compromised the personally identifiable information (PII) of 148 million US citizens. The breach exposed its victims to financially motivated crimes, including identity theft and fraud. Equifax eventually faced penalties to the tune of $575 million to be paid to numerous authorities, states and territories due to their poor network security.

