You are currently viewing Google warns BILLIONS of website passwords have been hacked – how to check yours now
hacker at work

Google warns BILLIONS of website passwords have been hacked – how to check yours now

GOOGLE has warned users that billions of passwords – and hundreds of thousands of username and password combinations – have been hacked.

A Password Checkup add-on for the Google Chrome internet browser was introduced by Google earlier this year.

It shows a warning whenever you log in to a website using “one of over 4 billion usernames and passwords” that has been hacked.

Google does this by cross-referring your log-in details to different sites with a massive list of hacked log-ins.

Google released this handy "how to" to help you get started
Credit: GOOGLE
Google released this handy “how-to” to help you get started credit: GOOGLE

Earlier this year, Google launched a Password Checkup add-on for the Google Chrome web browser.

It displays a warning whenever you sign in to a website using “one of over 4billion usernames and passwords” that have been hacked.

Google does this by cross-referencing your log-in details for different sites with a huge list of hacked log-ins.

“Since our launch, over 650,000 people have participated in our early experiment,” Google’s Jennifer Pullman explained.

 These are the WORST passwords of 2018 – so don't ever use them
These are the WORST passwords of 2018 – so don’t ever use them

“In the first month alone, we scanned 21million usernames and passwords and flagged over 316,000 as unsafe – 1.5% of sign-ins scanned by the extension.”

There’s obviously a huge risk for anyone whose username and passwords from different sites have been hacked.

It’s important to immediately change your log-in details to stay safe.

But even passwords uploaded online without associated usernames can put you at risk.

If you use a very simple password, it’s likely someone else does too – and they may have been hacked themselves.

Hackers buy huge lists of these compromised passwords from lots of different sites because people often re-use them.

So hackers are much more likely to gain access to an account by forcing a long list of “known” hacked passwords than trying random letters or numbers.

“Hijackers routinely attempt to sign in to sites across the web with every credential exposed by a third-party breach,” said Pullman.

“If you use strong, unique passwords for all your accounts, this risk disappears.”

 Google's Chrome extension will show this warning if you're using a breached password
Google’s Chrome extension will show this warning if you’re using a breached password Credit: Google
 Google data shows that users most often re-use vulnerable passwords on shopping, news and entertainment sites
Google data shows that users most often re-use vulnerable passwords on shopping, news, and entertainment sites credit: Google
Password safety – the expert advice
Password safety – the expert advice

How to check your password

The free Password Checkup software can be loaded onto Google Chrome and lets you know if your account details have been compromised in a cyber attack or data breach.

Once installed, the Chrome extension runs in the background of your browser and checks any login details you used.

If your password or username matches a Google database of more than 4billion compromised credentials, the software will flag them.

An alert that pops up on your screen reads: “Password Checkup detected that your password for [website] is no longer safe due to a data breach. You should change your password now.”

If a new data breach occurs, the tool will let you if any of your passwords were compromised the next time you login to Chrome.

It gives you any exposed accounts in a small list that you can click through to change your passwords.

All information is encrypted, and Google says it has no way of seeing your data.

“We built Password Checkup so that no one, including Google, can learn your account details,” Google said.

“Password Checkup was built with privacy in mind. It never reports any identifying information about your accounts, passwords or device.”

You can download Password Checkup from the Chrome Webstore by clicking here.

Alternatively, popular web-tool Have I Been Pwned also lets you check if you’ve ever been hacked.

 This chart reveals the percentage of safe or unsafe passwords – and reveal how much safer "new" passwords are against guessing attacks
This chart reveals the percentage of safe or unsafe passwords – and reveal how much safer “new” passwords are against guessing attacksCredit: Google
Largest breaches – hacked passwords uploaded online
Largest breaches – hacked passwords uploaded online
How Secure is Incognito Mode?