UK Sun | Source URL
GOOGLE has warned users that billions of passwords – and hundreds of thousands of username and password combinations – have been hacked.
Cyber-experts are now urging users to make sure they're using tough passwords that haven't already been stolen.
Earlier this year, Google launched a Password Checkup add-on for the Google Chrome web browser.
It displays a warning whenever you sign in to a website using "one of over 4billion usernames and passwords" that have been hacked.
Google does this by cross-referencing your log-in details for different sites with a huge list of hacked log-ins.
"Since our launch, over 650,000 people have participated in our early experiment," Google's Jennifer Pullman explained.
"In the first month alone, we scanned 21million usernames and passwords and flagged over 316,000 as unsafe – 1.5% of sign-ins scanned by the extension."
There's obviously a huge risk for anyone whose username and passwords from different sites have been hacked.
It's important to immediately change your log-in details to stay safe.
But even passwords uploaded online without associated usernames can put you at risk.
If you use a very simple password, it's likely someone else does too – and they may have been hacked themselves.
Hackers buy huge lists of these compromised passwords from lots of different sites because people often re-use them.
So hackers are much more likely to gain access to an account by forcing a long list of "known" hacked passwords than trying random letters or numbers.
"Hijackers routinely attempt to sign in to sites across the web with every credential exposed by a third-party breach," said Pullman.
"If you use strong, unique passwords for all your accounts, this risk disappears."