Why does Google Chrome say my login was associated with a data breach?
July 30, 2022 9:35 PM

Is there a way to find out information about why Google Chrome says my password has been associated with a data breach?

I have a login/password saved in Google Chrome that Google is saying was found in a data breach. The password is a unique strong password generated by Google Chrome that I use only on a single website. As far as I know, no data breach has been associated with the website I use the password on. I'd like to find out more information about the breach that Google thinks my password was found in. I tried entering my password here (https://haveibeenpwned.com/Passwords) and there were no results. Is there somewhere that I can find more about why Google says that the password is associated with a breach?
posted by NoneOfTheAbove to Computers & Internet (6 answers total)
 
Sorry if this is a dumb question, but are you sure that the password Chrome is complaining about is the same one you think it is?

The reason I ask is because I occasionally come across sites where Chrome will mistakenly detect e.g. a one-time 2FA code as a password that should be saved. And I'm pretty sure that every 6-digit combination is weak enough to be in the haveibeenpwned database, so I can imagine that resulting in a false positive.

I don't know if there's a way to see more specifically where Google thinks your password was compromised, but there's a partial list of sources that they use on this page.
posted by teraflop at 10:17 PM on July 30, 2022 [1 favorite]


Response by poster: I've seen what you're talking about, but I clicked on "Show Password" and it was a genuine password. In fact, the site doesn't use 2FA as far as I know.
posted by NoneOfTheAbove at 11:09 PM on July 30, 2022


This is poorly worded: the username (and password hash as a pair) will be in data from a breach, so they really want to warn you away from reusing a password.

Companies hide that they've been breached as far as they legally can, so check your username at haveibeenpwned.com.
posted by k3ninho at 11:54 PM on July 30, 2022 [2 favorites]


And your password at https://haveibeenpwned.com/Passwords. This is usually the site that services use to detect and announce leaked/breached credentials.
posted by humbug at 4:15 AM on July 31, 2022 [1 favorite]


Google does not compare passwords, it compares *hashes* of passwords. So there is also the remote one-in-a-few-billion chance that your password and some other have the same hash value.
posted by nickggully at 7:28 AM on July 31, 2022


Chrome is warning you that one of your password/username combos has been part of a security breach. I get this too for one of my passwords that was implicated in the Yahoo! breach years ago. But I know it's been leaked and don't care because the entire family uses it for a shared paid service and if I change it I'll have to update everyone's phone/tablet/computer and don't want to do that.

I also don't reuse passwords (due to this incident!) so it is literally the only version of this combo out there; if someone else is using it, enjoy Bridgerton.
posted by fiercekitten at 9:06 AM on July 31, 2022


This thread is closed to new comments.