Jump to content

Chrome data breach warning, my usual account name and password combination might be stolen by someone


Go to solution Solved by itman,

Recommended Posts

Posted

I have been using Eset Internet Security for about 2 years.

This morning Chrome browser started to give warning about a data breach, when I visited a trusted website and wrote my account information/email and password combo to sign-in:

"A data breach on a site or app exposed your password" and it recommends me to change my password.I noticed it is related to one of my accounts, whenever I use  that email and password combination on some websites , Chrome warns me with the same message.

It may be probable that a website which had my account information, got hacked but I think that the problem may be different.

Yesterday I visited some potentially dangerous websites which had potentially malware stuff.I rarely visit those websites and it might  sound silly but generally I do it for the purpose of testing my security software.I know that it is dangerous and that no security product can give full security.Though still, I don't download and run .exe files from those websites, I only visit some of their pages.

I didn't give any account information on those websites but I strongly think that they took my account combination information from my pc, somehow.

About 2 years ago, while I was using Eset Internet Security trial, I was testing the product by visiting potentially dangerous websites.In the same days, I had visited another security vendor's forum page and wanted to register for the forum, but that website had given me a warning similar to Chrome's warning.

 

And a few months ago from present, when I wanted to sign-in for a popular game server, after I wrote my account name and password, that page suddenly started asking me my cellphone number.I contacted the support staff of the game server and told them that I never wrote a cellphone number into my account details, they told me that my account was stolen and then they reset my password so my account got recovered.

 

My question is, is it possible that while I was visiting potentially dangerous websites, my account name and password combination got stolen somehow and not detected by Eset Internet Security?(or maybe I wrongly chose "allow" when it asked for permission to allow connection)

 

Note: I have an account for this forum actually but I decided  not to sign-in to it for asking this question, it is the same account/password combination which was stolen and I thought it might be a bad idea to use it while asking this question for probable security reasons.Though of course I am  changing the password soon. 

  

 

 

 

Posted

I wrote in my post that Chrome warns when I entered my account email and password combination onto websites, later I realized that Chrome gives me warning about password only , which email/account name I use doesn't matter.

Posted (edited)

Thanks for your answer.☺️

So if I didn't understand it wrong, Chrome on my pc wasn't hacked, Chrome's warning about data breach means that my account name and password were exposed during a historic  data breach on another website or app which  was storing my account name and pasword.

I wrote that I visited potentially dangerous sites  "yesterday"(two days ago now) ,so was it  a coincidence that the next day Chrome started giving me warning about exposed password and it's unrelated to it?

Edited by CaucasianOvcharka
Posted (edited)

Well, actually I think I found the data breach which exposed my account name and password.It's an online gaming website which had the data breach in 2019, I was a member of them.

Still I don't understand why Chrome didn't warn me about my exposed account name and password combination much earlier...

Edited by CaucasianOvcharka
  • Most Valued Members
Posted
1 hour ago, CaucasianOvcharka said:

Well, actually I think I found the data breach which exposed my account name and password.It's an online gaming website which had the data breach in 2019, I was a member of them.

Still I don't understand why Chrome didn't warn me about my exposed account name and password combination much earlier...

It's worth signing up to https://haveibeenpwned.com which alerts you for breaches. If you sign up it will show you all the websites that your email address has been breached on

Posted (edited)

Thanks for your answer.Actually I found the data breach of the online gaming website(which I was a member of) via haveibeenpwned.com ☺️  I didn't know haveibeenawned.com had a signup feature to alert me whenever  happens/it detects a breach of my account/email on web, I may sign-up, thanks for the suggestion.

 

Edited by CaucasianOvcharka
Posted

As noted in the above linked Google support article, these password compromise alerts can be spoofed. Never click on any web page link in such messages that instructs you to do so to change the password. Rather do so manually by directly accessing the web site where a compromised password was used and change it there.

Posted (edited)

Thanks for your answer itman. Yes, I have been changing passwords manually. There are more than 100 websites on which I have used the same combination , so it's a bit boring of course...This time I am giving unique passwords to each of the websites on which I am changing the passwords and writing them in a text file on my pc, so even if one of my passwords got stolen by a website's data breach in the future, I will not need to change my password on all those websites.

Edited by CaucasianOvcharka
  • Most Valued Members
Posted
9 hours ago, CaucasianOvcharka said:

Thanks for your answer itman. Yes, I have been changing passwords manually. There are more than 100 websites on which I have used the same combination , so it's a bit boring of course...This time I am giving unique passwords to each of the websites on which I am changing the passwords and writing them in a text file on my pc, so even if one of my passwords got stolen by a website's data breach in the future, I will not need to change my password on all those websites.

Yeah this is the best idea and using a password manager can also help with this. If you have the premium version, eset includes one.

Another option is to have hard to guess passwords for important stuff at least and enable 2fa where possible. I know people who also use a certain email address for sites they don't want to link to their main email. This can also be good for spam

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...