So I recently enabled saved passwords feature on one of my phones. I saved two passwords.
Today I got an email saying google has detected where my account is compromised on site breaches, and after logging into to google I have a list of websites where my account is compromised.
It includes a lot of uk companies, I expect they all havent been breached but rather whats happened is this is a user/password combo I used commonly before I started using a password manager, and then some tool has been used to detect which websites it works on.
This is useful info from google but the bit I really didnt like is that google has added all these sites with the username/password to my saved password list on my google account, as if it has gone out harvesting for data to add.
I am not sure though, but here is the count.
145 exposed passwords, according to google these were revealed in data breaches, it includes sites like argos, ebuyer game uk and iceland.
Below this it has a bigger list of where it has been detected the use of the same password/combo of 206 sites, presumably this suggests that the 145 have been breached and the extra 60 or so are just detected to use the same combo.
---
Its old data, a lot of the sites I dont use that password anymore, I also noticed in cases if they got the username wrong, if I tried to change the username on google's records it reports its already in use on that site, as if it has their database.
---
Still shifting through the data, its harvested over 400 outdated passwords in total, many also from lan ip's so it must have imported back from when I was using chrome without permission (browser was never logged into google account). They as bad as facebook.