MILLIONS of Google Chrome users may STILL be using logins that have already been leaked online
- Google introduced Password Checkup to its Chrome web browser in February
- Over 650,000 people have signed up and the service scanned 21 million details
- During this first month the app flagged over 316,000 as unsafe – 1.5% of sign ins
- That suggests millions of Chrome’s five billion installations could be at risk
Cyber criminals may have access to millions of people’s online login details, security research from Google suggests.
The search giant introduced the Password Checkup extension to its Chrome web browser in February this year.
It displays a warning whenever you sign in to a site using one of over four billion usernames and passwords known to be unsafe due to a third-party data breach.
Since its launch over 650,000 people have signed up and, in the first month alone, the service scanned 21 million usernames and passwords.
During this first month, the Password Checkup app flagged over 316,000 as unsafe – 1.5 per cent of sign ins scanned by the extension.
That suggests millions of people’s details are at risk, even if this figure is a conservative representative of a trend across all of Chrome’s five billion installations.
Cyber criminals may have access to millions of people’s online login details, security research from Google suggests. Pictured: This graphic shows that users most often reuse vulnerable passwords shopping, news, and entertainment sites
Hijackers routinely attempt to sign in to sites across the web with every credential exposed by a third-party breach, Google says.
Google found that unsafe login details were used online for some of the most sensitive financial, government, and email accounts.
This risk was even more prevalent on shopping sites – where users may save credit card details – news, and entertainment sites.
Outside the most popular web sites, users are 2.5 times more likely to reuse vulnerable passwords – putting their account at risk of hijacking.
Using strong, unique passwords for all your accounts can help to mitigate this risk, experts advise.
‘Since our launch, over 650,000 people have participated in our early experiment,’ Google’s said in a written statement.
‘In the first month alone, we scanned 21 million usernames and passwords and flagged over 316,000 as unsafe -1.5 per cent of sign-ins scanned by the extension.’

The search giant introduced the Password Checkup extension to its Chrome web browser in February this year. Pictured: This graph shows Google’s findings into how guessable most passwords are
Google’s research suggests that users choose to reset 26 per cent of the unsafe passwords flagged by the Password Checkup extension.
Even better, 60 per cent of new passwords are secure against guessing attacks, they say.
That means it would take an attacker over a hundred million guesses before identifying the new password.
Google has also released two updates to its Password Checkup extension.
The first is a direct feedback mechanism where users can tell the company about issues they are facing via a comment box.
The second lets users to opt-out of the anonymous telemetry that the extension reports.
That includes the number of lookups that surface an unsafe credential, whether an alert leads to a password change, and the domain involved for improving site coverage.

Google introduced the Password Checkup extension to its Chrome web browser in February this year (file photo)