Millions of people are using already-hacked passwords, Google finds

Hundreds of thousands of people are continuing to use passwords that have previously been stolen and made publicly available, according to a new report by Google. Some of them are even aware that their passwords have been compromised, but have decided not to do anything about it.

Google says its findings come from its Password Checkup Extension for Chrome. The extension scans the password (although Google says it can’t read your passwords) and warns the user if it was compromised in previous breaches or hacks, asking them to change the password.

Out of roughly 21 million login credentials that were scanned using the extension and were part of the experiment, roughly 316,000 were flagged as unsafe, the company told Motherboard in a statement. That’s some 1.5 per cent of all credentials.

Out of that number, a quarter (25 per cent) decided to ignore the warning. So, 81,368 people turned a blind eye to the notification to change their password. Google believes this could be due to a number of reasons, including not thinking it was worth the time, being confused by the warning, or sharing an account and not being fully in charge of it.

While users often remember to change passwords for key websites, they’re more than two times more likely to reuse breached passwords in less important places, it was added.

“People hear about breaches all the time (unfortunately) and I imagine they feel a bit helpless because they don't even know if they've been affected; hopefully this is a way to reassure them,” a company representative told Motherboard.