Google released a study showing that 1.5 percent of all the logins on the web are exposed to the data breach, making it vulnerable to credential stuffing attacks. The anonymous login data given by Google’s extension, Password Checkup helped in carrying out the study.
A breach notification service by Google and Chrome extension, Password Checkup for gathering anonymous login data were used in this study. Whenever a user with this extension installed, log into any site, anonymous login hash was collected and forwarded to Google. These login credentials were then checked against the breached database, which consisted of 4 billion usernames and passwords.
In case the data matched with the leaked database, the notification was sent to users warning them to change their password.
Google analyzed the data for one month, from February 5 to March 4, 2019, during which 21,177,237 logins were monitored. Around 670,000 users had installed the Password Checkup extension, and out of the total analyzed logins, almost 1.5 percent (316,531 logins) matched the breached database.
A warning was sent to all the users, but only 26 percent responded positively and changed their password. However, people who changed the password, only 60 percent of them managed to create a stronger password than before.
The most number of warnings were sent to entertainment sites, with a warning rate of 6.3 percent. Then came the adult sites where warning rate had been 3.6 percent.
Attackers often try to attack other sites using the already leaked passwords. However, it is better to have a unique password for each site and keep changing them whenever there is a risk of being attacked or leaked database.
Google was able to gather data only from the users with the extension installed, whereas the number of compromised logins could be higher than expected. Not many people who shop online or use online banking are conscious about their digital security.
Therefore data breach might have affected more people than the number suggested in the study.
Photo: ChakisAtelier / Getty Images / iStock
Read next: Assignments tool from Google will now check plagiarism and citation errors of students
A breach notification service by Google and Chrome extension, Password Checkup for gathering anonymous login data were used in this study. Whenever a user with this extension installed, log into any site, anonymous login hash was collected and forwarded to Google. These login credentials were then checked against the breached database, which consisted of 4 billion usernames and passwords.
In case the data matched with the leaked database, the notification was sent to users warning them to change their password.
Google analyzed the data for one month, from February 5 to March 4, 2019, during which 21,177,237 logins were monitored. Around 670,000 users had installed the Password Checkup extension, and out of the total analyzed logins, almost 1.5 percent (316,531 logins) matched the breached database.
A warning was sent to all the users, but only 26 percent responded positively and changed their password. However, people who changed the password, only 60 percent of them managed to create a stronger password than before.
The most number of warnings were sent to entertainment sites, with a warning rate of 6.3 percent. Then came the adult sites where warning rate had been 3.6 percent.
Attackers often try to attack other sites using the already leaked passwords. However, it is better to have a unique password for each site and keep changing them whenever there is a risk of being attacked or leaked database.
Google was able to gather data only from the users with the extension installed, whereas the number of compromised logins could be higher than expected. Not many people who shop online or use online banking are conscious about their digital security.
Therefore data breach might have affected more people than the number suggested in the study.
Photo: ChakisAtelier / Getty Images / iStock
Read next: Assignments tool from Google will now check plagiarism and citation errors of students
