Skip to Content
Security & Privacy

Chrome’s new password leak protection alerts you when your login has been hacked

Americans are not very careful about their passwords. Even with the growing number of large data breaches, it’s hard to get people to change their passwords.

But Chrome has been working to fix that. Earlier this year, it began offering an extension that checks your passwords against known leaked databases. Now, Chrome is taking that task one step further.

See how Chrome plans to make your browsing experience safer and hopefully get you to change your computer habits. We’ll also offer you tips on protecting yourself if you discover your information has been breached.

Breach tool goes from extension to built-in

In February, Google released the Chrome Extension Password Checkup. As you log in to a site, the extension automatically scans your passwords as you enter them.

If it matches an exposed password you’ll receive an alert to change it, as well as some suggestions on how to make your new password more secure. In its first month, Google stated that the extension scanned 21 million usernames and passwords and flagged more than 316,000 as unsafe.

Soon, you won’t have to download the extension to get the same protection. Google has announced that it is adding a built-in data breach notification service to the Chrome browser.

The notification service will alert users when they are logging in to sites with usernames and passwords that have been exposed by breaches. The built-in safety feature is still being developed, but there are reports that it could be released in October.

The features of the extension will be integrated with the browser so you will no longer have to download the extension. Although it will be a default function, users will have the option to turn off the Password Checkup feature.

Google Chrome isn’t the first browser to offer an online safety tool. Firefox beat Chrome to the punch a year ago.

Called Firefox Monitor, the free service helps users find out whether their accounts have been exposed in a data breach. Firefox Monitor is a partnership between Have I been Pwned? and Mozilla.

Have I Been Pwned? is a website that allows consumers to check if their personal data has been compromised in a data breach. Firefox Monitor is not part of the Firefox browser and you must sign up for it separately.


Related: Create easy-to-remember yet super-tough passwords


Data breaches don’t spark many password changes

In a study of its Password Checkup extension, Google estimates that 1.5% of all logins have been exposed in data breaches. However, only 26% of users who were alerted about the breaches changed their password.

That’s mind-boggling when you see that data breaches in 2019 already are on course to surpass those of 2018. This year’s data breaches not only have compromised hundreds of millions of user accounts, but a significant amount of the information hacked has also included personal and financial data.

Among the most serious is First American Financial, one of the nation’s leading settlement and insurance providers. A flaw in its database design made 800 million records containing private mortgage information, tax records and even Social Security and bank account numbers visible to anyone using a web browser.

Capital One’s servers were hacked, exposing the accounts of more than 100 million U.S. customers. About 220,000 accounts exposed contained Social Security and bank account numbers.

To protect yourself before you’re caught in a data breach, change your online account passwords every three months. Also, use new and different passwords for each account because if one gets breached, that could compromise all of your accounts.

If your data has been exposed in a data breach, here’s what you can do:

  • Be on the lookout for phishing scams. Hackers will create emails pretending to be the affected company in hopes of getting you to click on malicious links. If the email provides a link back to the company, don’t click on it. Type the company’s actual URL on your browser to avoid a spoof site.
  • Frequently check your bank statements for signs of suspicious activity. If you see anything strange, report it immediately.
  • If you see suspicious activity on your credit cards, call your credit card company and put a freeze on your accounts as soon as possible.

Be sure to visit to keep up with the latest information on data breaches and tips on how to protect yourself.

Komando Community background

Join the Komando Community!

Get even more digital know-how and entertainment with the ad-free Komando Community! Watch or listen to The Kim Komando Show on your schedule, read Kim's eBooks for free, and get answers in the tech forums.

Join Now