Brave Password List Was Hacked

I have used Brave exclusively for the past six months. In the past month, I have been bombarded with notices from online vendors that attempts to hack my accounts had been made. Two days ago, I used Google browser because Brave was so balky, and was promptly warned that 91 of my passwords had been hacked, and had likely been hacked from a single source.

Investigating, I found that ALL of them were passwords saved in Brave. There was NO other common source for these passwords, as I do not use any kind of vault or secondary means to save them.

Bottom line, Brave browser got hacked.

could you explain further

what that source and how you sure it’s on brave not on os lvl

@Cypsmith,
There is no indication from what you’ve stated that “brave browser” is hacked. There are a few things we can check to narrow down the cause.

Can you first tell me by what means did you discover that all your passwords were “hacked”?

Additionally, you can check sites like https://haveibeenpwned.com/ to see if your email address has been compromised.

As I explained in my message, it was only the chance occasion of me going back to Google browser that I learned that 91 of my passwords had been compromised. Google raised a flag and warned me that this had happened, and even stated that the compromised passwords likely came from a single source. Brave was the only “single source” that would apply. I do not use any other means to collect passwords than my browsers.

Which raises another concern: There is no doubt that the passwords were compromised: I was bombarded by notices from various vendors that attempts to broach my accounts had happened, which raises an additional question: Why did Brave not flag this? Consider that I had not used Google at all for six months, and yet the minute I did, they immediately warned me of the problem, while Brave remained silent.

@Cypsmith,
When you say that Google warned you, are you referring to their Check passwords feature?

as @Mattches said

chrome has the feature to check if your email get a breach and even firefox offer that option for much longer than chrome https://monitor.firefox.com/ and both relay on data from the site that @Mattches mentioned but that does not mean that brave get hacked

this site https://haveibeenpwned.com/ will show you where the data breach happen

so go check each email on that site and it will tell you from where the breach happen

and you say google say that brave is the source of the data breach could you offer screen shoot for that

No. Click on Settings/Passwords, and “91 Passwords Compromised” dropdown came up. Click on it, and it listed all 91.

i think it much better to provide a screen shoot and you can use any tool to hide your email address

That site showed a small handful of breached sites - 8, and showed details on 4, all known to me over the years. That doesn’t explain why what is now over 100 sites were breached or attempted, all of which resided only on my browser. I’ve used Google, Firefox and Brave, in the past year, but only Brave in the past 5-6 months, when the breach occurred. I’m not saying definitely that it was Brave, but all the evidence points in that direction.

Don’t have any screen shots because I changed all the passwords or deleted the accounts, but if the reoccur, I’ll capture them.

Sorry but can you explain exactly what the evidence is again? I don’t see the connection – especially if Chrome gave you the warning, implying that those same passwords were saved in Chrome. Additionally, if you used the same password for different sites, this means that one site could have been breached, which lead to the subsequent breach of other accounts w/the same password.

It’s highly unlikely that your “browser was hacked” – unless you’ve installed some malware (maybe a shady looking browser extension?) or have visited sketchy/unrepeatable sites recently, there aren’t many ways someone can outright “hack” your browser.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.