Help end medical misogyny. Sign our petition.

Help end medical misogyny.
Sign our petition.

Sign the petition

Please or to access all these features

Chat

Join the discussion and chat with other Mumsnetters about everyday life, relationships and parenting.

Google Security Alert

5 replies

passwordpalaver · 10/07/2026 04:56

Received an email from Google tonight telling me my password was found in a non Google data breach and then my non Google email address was detailed below it (the email address the alert had been sent to, which is my main email address).

It then said “we’ve taken steps to protect your Google account, and you should change your password now.

When I google this, I’m told to check Google password manager. I did this and it says I haven’t saved any passwords in my Google account, which makes sense as I wouldn’t know how! My Google email is never really used, it’s just a back up. There’s also no suspicious notifications on my Google account.

The email address the alert came from look legit, but I’m really confused?

Can someone please explain?

OP posts:
passwordpalaver · 10/07/2026 05:04

I should also say, the password for my Google account and the email account this email was sent to are both unique.

OP posts:
Mumtobabyhavoc · 10/07/2026 06:32

Sounds confusing.
To be safe: do not reply or click any links and
change your email passwords.

Zuve · 10/07/2026 06:49

Yes, the message itself could be scam. Just quietly change the password. I know some one who changes their email every three years

FunStork · 10/07/2026 07:02

You could ask Google Gemini (I did for you):

Here is a clear, reassuring reply you can post to help explain exactly what is happening to this user:
This is a very common point of confusion, but you can breathe a sigh of relief—your actual Google account hasn't been hacked, and the email you received is almost certainly legit.
Here is exactly what is going on and why it's a bit confusing:

  1. Google isn't just watching your Gmail
Google runs a massive security service that monitors the "dark web" for data breaches from other websites (like shopping sites, old forums or streaming services). When a random website gets hacked, hackers leak lists of email addresses and passwords. Google scans these leaks to protect people.
  1. Why it flagged your main email
Even though you don't use your Google account much, you likely used your main non-Google email address and a specific password to sign up for a random website years ago. That website is the one that got breached. Because that main email is linked to your Google account as your contact or recovery email, Google is proactively warning you: "Hey, we spotted your main email and a password in a leak out on the internet."
  1. Why your Google Password Manager is empty
Google Password Manager only shows passwords you have actively saved while browsing on Chrome or an Android phone. Because you don’t use it, it’s blank. The alert isn't saying the password was stolen from Google. It’s saying: "We found this email/password combination exposed on the web. If you happen to reuse that same password for your Google account—or any other important account—you need to change it immediately." What you should do now: Check the sender: To be 100% sure it's legit, check the sender's address. Real Google security alerts usually come from [email protected]. Do NOT click links in the email: Just to be totally safe from phishing, don't click any "Change Password" links in the email itself. Go to the source: If you want to see exactly which website leaked your details, go directly to haveibeenpwned.com (a highly trusted, free security site) and type in your main email address. It will tell you exactly which data breach your email was found in. The Golden Rule: If you use the password from that leaked website anywhere else (like your online banking, your main email or your Google account), change it on those sites today.
passwordpalaver · 10/07/2026 18:58

Thank you for the replies, especially @FunStork - very helpful.

Still a bit odd to me, as I only changed my main email password a few months ago.

A few negative reviews for haveIbeenpwned so may not use that.

Will change my email passwords though.

OP posts:
New posts on this thread. Refresh page