Is anyone else getting a message about a data breach when they log in to DBR? In the last day or so, whenever I log in, I get a message from Google that a data breach has exposed my password on this site and I should consider changing it. Is anyone else getting this? I don't get that message on any other sites/apps.
My DBR password isn't used anywhere else that I'm aware of.
No notifications for me either, although I too have a cookie sign me in.
My browser clears everything when it’s closed and I’m not getting any prompts when I log in on Windows or the phone. Are you sure your browser hasn’t been hijacked. It would be strange for DBR to redirect you to Google unless it’s a Chrome feature.
Ok looked it up. Does this explain what you are seeing. https://www.google.com/amp/s/www.wired.com/story/chrome-79-password-check/amp
Last edited by Kdogg; 12-23-2019 at 04:22 PM.
Kdogg already alluded to the possible answer.
If you use Chrome or certain google tools they are now checking your password against a known dictionary of breached passwords.
This doesn’t mean your password has been cracked. It does mean that someone may also have used that exact password elsewhere.
My recommendation is find a password vault app you can use/like (LastPass, OnePassword, Dashlane, etc...) and ratchet up the number of characters in your password. Minimum 13 characters if the website will support it.
Change all your passwords everywhere so they are unique to limit your risk.
Security is going to get even sillier if quantum computing becomes affordable. In the meantime, password length and 2FA/MFA are your best bets to maintain account security.
Sounds like this was the reason. But what I don't understand is why I got the message for this username/password for DBR. DBR is the only site I use this combination of username/password, sonif they're comparing it to a know list of comprised credentials, wouldn't that mean that DBR would've had to have some sort of data breach?
Not saying they did, just trying to understand.
Here’s a test. Log out of your google account in Chrome and see if you still get the prompt. Once you log out Google can’t run the password scan so you will know if that’s why you are seeing the prompt.
My understanding is that it's based on a comparison to passwords you've saved with Google in some way; e.g. the Chrome credential store, or Google's account-based credential store, or with the device. So you shouldn't get the alert if you sign in from a device/browser/session otherwise unaffiliated with your accounts.