Skip to main content

Millions of people are using already-hacked passwords, Google finds

(Image credit: Image source: Shutterstock/Ai825)

Hundreds of thousands of people are continuing to use passwords (opens in new tab) that have previously been stolen and made publicly available, according to a new report by Google. Some of them are even aware that their passwords have been compromised, but have decided not to do anything about it.

Google says its findings come from its Password Checkup Extension for Chrome. The extension scans the password (although Google says it can’t read your passwords) and warns the user if it was compromised in previous breaches or hacks, asking them to change the password (opens in new tab)

Out of roughly 21 million login credentials that were scanned using the extension and were part of the experiment, roughly 316,000 were flagged as unsafe, the company told Motherboard (opens in new tab) in a statement. That’s some 1.5 per cent of all credentials.

Out of that number, a quarter (25 per cent) decided to ignore the warning. So, 81,368 people turned a blind eye on the notification to change their password (opens in new tab). Google believes this could be due to a number of reasons, including not thinking it was worth the time, being confused by the warning, or sharing an account and not being fully in charge of it.

While users often remember to change passwords for key websites, they’re more than two times more likely to reuse breached passwords in less important places, it was added.

“People hear about breaches all the time (unfortunately) and I imagine they feel a bit helpless because they don't even know if they've been affected; hopefully this is a way to reassure them,” a company representative told Motherboard.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.