Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: the extent of data harvesting, google  (Read 341 times)

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 6581
the extent of data harvesting, google
« on: June 01, 2021, 04:16:37 PM »

So I recently enabled saved passwords feature on one of my phones.  I saved two passwords.

Today I got an email saying google has detected where my account is compromised on site breaches, and after logging into to google I have a list of websites where my account is compromised.

It includes a lot of uk companies, I expect they all havent been breached but rather whats happened is this is a user/password combo I used commonly before I started using a password manager, and then some tool has been used to detect which websites it works on.

This is useful info from google but the bit I really didnt like is that google has added all these sites with the username/password to my saved password list on my google account, as if it has gone out harvesting for data to add.

I am not sure though, but here is the count.

145 exposed passwords, according to google these were revealed in data breaches, it includes sites like argos, ebuyer game uk and iceland.
Below this it has a bigger list of where it has been detected the use of the same password/combo of 206 sites, presumably this suggests that the 145 have been breached and the extra 60 or so are just detected to use the same combo.

---

Its old data, a lot of the sites I dont use that password anymore, I also noticed in cases if they got the username wrong, if I tried to change the username on google's records it reports its already in use on that site, as if it has their database.

---

Still shifting through the data, its harvested over 400 outdated passwords in total, many also from lan ip's so it must have imported back from when I was using chrome without permission (browser was never logged into google account).  They as bad as facebook.
« Last Edit: June 01, 2021, 10:17:18 PM by Chrysalis »
Logged
AAISP - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE

aesmith

  • Kitizen
  • ****
  • Posts: 1064
Re: the extent of data harvesting, google
« Reply #1 on: June 16, 2021, 04:35:19 PM »

I definitely don't like the idea of some Google robot trying any of my credentials to see what sites they work on.  Were these tests all done using the two passwords you saved on your phone?  I suppose it's a big disadvantage of simple password managers that their saved passwords can be decrypted to clear text.  Ideally you'd want some master password or key without which they can't be decrypted.
Logged

Alex Atkin UK

  • Kitizen
  • ****
  • Posts: 2878
    • Thinkbroadband Quality Monitors
Re: the extent of data harvesting, google
« Reply #2 on: June 16, 2021, 10:13:44 PM »

Last I checked Google Chrome would show your passwords to anyone who could access your PC, no questions asked.  Its one reason I never saved passwords on it vs Firefox where you can set a master password which has to be provided before your passwords are accessible and also must be entered again if you want to view them at any point.
Logged
INTAKE (ECI) 2xHome Hub 5A (OpenWRT) on Zen/Plusnet, 1xHauwei B535-232 on Voxi 4G, 1xHauwei H122-373 on Three 5G Router: pfSense (i5-7200U) WiFi: nanoHD (OpenWRT) + Honor Router 3
My Broadband History & Ping Quality Monitors

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 6581
Re: the extent of data harvesting, google
« Reply #3 on: June 17, 2021, 04:05:23 AM »

I definitely don't like the idea of some Google robot trying any of my credentials to see what sites they work on.  Were these tests all done using the two passwords you saved on your phone?  I suppose it's a big disadvantage of simple password managers that their saved passwords can be decrypted to clear text.  Ideally you'd want some master password or key without which they can't be decrypted.

The two new passwords on the phone were unique strong passwords, but I in the past did things badly and hence on some sites I have been registered on for a decade+ I was using a common password.
Logged
AAISP - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE

tubaman

  • Addicted Kitizen
  • *****
  • Posts: 7981
Re: the extent of data harvesting, google
« Reply #4 on: June 17, 2021, 10:45:44 AM »

Last I checked Google Chrome would show your passwords to anyone who could access your PC, no questions asked.  Its one reason I never saved passwords on it vs Firefox where you can set a master password which has to be provided before your passwords are accessible and also must be entered again if you want to view them at any point.
On my PC Chrome asks for my Windows credentials before showing any stored passwords.
 :)
Logged
BT FTTC 80/20 Huawei Cab - Zyxel VMG8924-B10A

Alex Atkin UK

  • Kitizen
  • ****
  • Posts: 2878
    • Thinkbroadband Quality Monitors
Re: the extent of data harvesting, google
« Reply #5 on: June 17, 2021, 05:52:03 PM »

On my PC Chrome asks for my Windows credentials before showing any stored passwords.
 :)

Nice that they've finally fixed it then, it was an issue for a long long time.
Logged
INTAKE (ECI) 2xHome Hub 5A (OpenWRT) on Zen/Plusnet, 1xHauwei B535-232 on Voxi 4G, 1xHauwei H122-373 on Three 5G Router: pfSense (i5-7200U) WiFi: nanoHD (OpenWRT) + Honor Router 3
My Broadband History & Ping Quality Monitors