Chrome Pop-up: "A data breach exposed your password"

For the past couple days, every time I log into Chronicle of the Horse on Chrome, I get a message that says:

“A data breach reported. A data breach on this site exposed your password. Chrome recommends changing your password now.”

From everything I can tell, this appears to be a legit feature added to Chrome in December:
https://security.googleblog.com/2019/12/better-password-protections-in-chrome.html

I am getting the message on both my home and work computer. I have changed my password, but the message persists every time I log in to COTH. I have not received this message with any other website I use.

I am just posting this as an FYI and to see if anyone else is experiencing the same.

Yes, but not here. I think it happens any time you enter a breeched password into a website.

Honest question: if that is the case, then why is the message persisting after changing my password to one I have never used with this email/screen name?

I’m not sure! That’s not happened to me. Every time I’ve seen the message and change the password, I don’t see the pop up again there. I’m on mobile–what platform are you on? Any chance there’s a password stored somewhere that could be triggering? Does clearing cookies and or cache resolve it?

I’m not super familiar with the new feature, but the way that it works is it is looking for the username/password combo against datasets of known breaches. It is not necessarily only matching a username/password combination that you used with COTH. So for example, one of the most common passwords that people use is ‘iloveyou’. Suppose your old password was “princess” (another common one).

1. you change your COTH username/password from Texarkana/princess to Texarkana/iloveyou.

Even though you’ve never used that password before, if you or someone else made an account say at Target with the username Texarkana/iloveyou it will still come up as breached.

Texarkana is a common enough idea that it might not be an account you made that is in the breached account data. I’d suggest trying again with a really long and unlikely password and see if it still alerts at you.

If on the other hand your password is already really hard, the next thing I’d look at is if it has stored multiple passwords for you in the keychain, such that maybe the old one is in there even if you didn’t use it to log in. Then I’d also clear cookies for COTH.

Thanks for the suggestions.

I’m getting the notification on my laptops running Chrome: both my Mac and PC. I’m not getting the notification when I use Chrome on my mobile device.

I’ve tried clearing my cache and no luck.

And I don’t think it’s likely that my username/password combo are being used elsewhere. My password is a long string of nonsense with all the usual security characters.

But if I’m the only one receiving the message, then it’s likely something on my end…

Did you clear the cookies for the site too?

Yes. I cleared everything.

After posting this, I realized I was only getting the warning whenever I logged in using my email (not my screen name). The “new” password that I updated to is complicated, but one I’ve likely used in the past for other sites. So I changed my password for a third time to one I am positive has not been used in conjunction with that email address, and the problem seems to be resolved.

Thanks everyone!