Computer Software > Security

Google password Exposed

(1/3) > >>

sevenlayermuddle:
Out if the blue got an email from Google, saying "Someone knows your password", please change it.  Turns out it was referred to an ancient account, but one that was still forwarding to me.
I had a devil of a job logging in, probably as I was getting the password wrong but eventually got a recovery code and logged in, changed the password.

Under account management, it lists recent security events including, earlier today... 

"Password exposed in non-Google data breach".  :-\

Anybody know what's going on?  Anybody else affected? 

Ronski:
One of the staff at work had this today, it referred to their company email address, I'm not sure why though.

The email seemed as far as I could tell to be genuine, and googling seemed to find many others that were confused by it, and considered it genuine.

I suggested they spoke with our iT provider, and followed a link I supplied to their Google notifications to see if it gave any further information.

PS I am aware that Google checks the passwords it knows against lists of compromised password's, and then informs the user. I can see this happening with passwords associated with Google accounts, but a company email which is nothing to do with Google???

sevenlayermuddle:
It was genuine OK, as I could see the evidence in logged in account settings.

Curious thing is, it's an account I set up when I got an Android phone, to avoid using my regular email account for Android login.  Don't think I used it for any other purpose other than logging in on that Android phone, which I have long since abandoned.   I may be wrong but I don't recall using that email address, let alone the password, for any other purpose whatsoever.  If the address & password really have been leaked, it would suggest a probability that it's Google themselves who have been breached.   :o

Oh well we'll soon find out.  It will probably be in the news quite soon if that proves to be the case.  ::)

More likely, I've just forgotten using it for some other silly thing.

sevenlayermuddle:

--- Quote from: Ronski on December 03, 2020, 10:24:16 PM ---PS I am aware that Google checks the passwords it knows against lists of compromised password's, and then informs the user. I can see this happening with passwords associated with Google accounts, but a company email which is nothing to do with Google???

--- End quote ---

Ah, I didn't know that.  I wonder if maybe they just check the passwords, disregarding usernames?

The password in my affected account was not particularly strong.   I am prepared to believe that out the hundreds of billions of people on Earth somebody else used it too, and maybe their login/password combo at some site got compromised.   But that would be no reason for Google to panic me by suggesting that one of my own accounts has been breached!   :'(

Ronski:
It's a very poor email that really lacks any explanation, but it implies the password is available in password lists, so it is entirely possible that someone else had used the same password.

Perhaps try the password here https://haveibeenpwned.com/Passwords it will tell you how many times it's been leaked, but unfortunately not where.

Navigation

[0] Message Index

[#] Next page

Go to full version