Newly published research from Google surrounding its Password Checkup extension for Chrome found that 1.5%, or 310,000, of 21 million usernames and passwords were stolen or exposed credentials.
Google took a sampling of some 670,000 users and their logins from the early adopters of the extension, which alerts Chrome users when their credentials have been found exposed or stolen. The company also found that users who were warned their passwords were stolen created new passwords just 26% of the time.
"Based on anonymous telemetry reported by the Password Checkup extension, we found that users reused breached, unsafe credentials for some of their most sensitive financial, government, and email accounts. This risk was even more prevalent on shopping sites (where users may save credit card details), news, and entertainment sites," Google wrote in a blog post this week.
"In fact, outside the most popular web sites, users are 2.5X more likely to reuse vulnerable passwords, putting their account at risk of hijacking," the post said.
Read more here.