Google Estimates 1.5% of Web Logins Exposed in Data Breaches


Research released by Google estimates that 1.5% of all logins used on the internet are vulnerable to credential stuffing attacks because they have been exposed in data breaches. This number is based on anonymized login data that Google collected through its Password Checkup extension.

Google developed a breach notification service and a related Chrome browser extension, Password Checkup, that collects anonymous, hashed login information. When a user logs into a website with the extension installed, an anonymized hash of the login credentials is sent to Google and checked against 4 billion usernames and passwords that have been exposed in data breaches.

If a match is found, a notification warns the user and prompts them to change their password.

Password Checkup Extension
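
A simplified sketch of the login check described above, added here as an example; it is not Google's code or the extension's actual protocol, which the article does not detail. The SHA-256 hashing, the two-byte prefix, and the names `credential_hash`, `BreachIndex` and `check_login` are assumptions made for illustration.

```python
import hashlib
import unicodedata

PREFIX_BYTES = 2  # assumption: the client reveals only this many hash bytes


def credential_hash(username: str, password: str) -> bytes:
    """Hash a canonicalized username together with the password."""
    user = unicodedata.normalize("NFKC", username).strip().lower()
    # Length-prefix the username so ("ab", "c") and ("a", "bc") hash differently.
    material = f"{len(user)}:{user}:{password}".encode("utf-8")
    # SHA-256 keeps the sketch short. It is fast, so anyone holding a bucket
    # could brute-force weak passwords; a production design needs a slow hash
    # and must not hand raw hashes to clients.
    return hashlib.sha256(material).digest()


class BreachIndex:
    """Server side: breached credential hashes grouped by hash prefix."""

    def __init__(self, breached_pairs):
        self.buckets = {}
        for user, pw in breached_pairs:
            h = credential_hash(user, pw)
            self.buckets.setdefault(h[:PREFIX_BYTES], set()).add(h)

    def lookup(self, prefix: bytes) -> frozenset:
        # The server sees only the prefix, shared by many unrelated credentials.
        return frozenset(self.buckets.get(prefix, ()))


def check_login(index: BreachIndex, username: str, password: str) -> bool:
    """Client side: send the prefix, compare the full hash locally."""
    h = credential_hash(username, password)
    return h in index.lookup(h[:PREFIX_BYTES])


# Constructed sample data, not real breach contents.
SAMPLE_BREACH = [("alice@example.com", "hunter2"), ("bob@example.com", "123456")]

if __name__ == "__main__":
    index = BreachIndex(SAMPLE_BREACH)
    attempts = [("Alice@Example.com ", "hunter2"),
                ("alice@example.com", "Xk9#longer-unique")]
    for user, pw in attempts:
        status = "WARN: change this password" if check_login(index, user, pw) else "ok"
        print(f"{user.strip()}: {status}")
```

The match is on the username and password together, so a breached password paired with a different username does not trigger a warning in this sketch.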

Using anonymous statistics gathered over a one-month period from February 5 to March 4, 2019, Google found that 1.5% of the 21,177,237 logins monitored appeared in data breaches. These 316,531 logins came from the roughly 670,000 users who installed the Password Checkup extension.

Among notified users, only 26% of the warnings led to a password change. Of these password changes, however, 60 percent resulted in the user switching to a secure password.

“Nearly 670,000 users from around the world installed our extension over a period of February 5–March 4, 2019. During this measurement window, we detected that 1.5% of over 21 million logins were vulnerable due to relying on a breached credential—or one warning for every two users. By alerting users to this breach status, 26% of our warnings resulted in users migrating to a new password. Of these new passwords, 94% were at least as strong as the original.”

Adult sites and entertainment sites, such as video streaming sites, were the sites with the largest number of warnings. Adult sites had a 3.6% warning rate, while entertainment sites had a 6.3% warning rate.

Because compromised login credentials can be used for credential stuffing, in which attackers try leaked logins against other sites, it is essential to use a unique password for each site and to be able to change passwords quickly.

Compromised logins are probably higher

While Google estimates that only 1.5 percent of all logins have been exposed in data breaches, it is quite possible that the real percentage is higher.

Most people who use the internet for shopping, banking or other activities are likely not as security-conscious as those who installed the Google Password Checkup extension.

“Our detection rate is lower than the 6.9% reported by Thomas et al. [54] for 751 million and 1.9 billion breached credentials. Possible reasons include the user population that adopted our extension is more security conscious—thus avoiding reuse as a behavior—or that dormant accounts have a higher reuse rate, which by nature our extension cannot observe as we perform checks at login time”

If you therefore consider the general population of internet users rather than only those who take an active approach to security, the percentage of compromised logins could be significantly higher.

The complete findings of the Google research can be found in the paper “Protecting accounts from credential stuffing with password breach alerting,” which will be presented at the USENIX Security Symposium this week.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.