Several of my passwords have been leaked--browser issue or website?

Discussion in 'Security and Privacy' started by psaulm119, 2020/09/21.

  1. 2020/09/21
    psaulm119 Lifetime Subscription

    psaulm119 Geek Member Thread Starter

    I have been using MS Edge browser lately, and the developer edition has a feature that informs you if your passwords are found in a hacker database. Lo and behold, today I was notified that 111 of them have been found. Now this is NOT 111 different passwords, but the same 4-5 passwords that I use for different sites. None of these are financial, but I will want to change most if not all of them, so this is going to be a big hassle.

    OK--as far as preventing this in the future---is there any way for me to know if someone was able to hack into my browser while I was surfing? Or was this simply hackers cracking the database of the websites I have logged into? Or is there any way to know (I know this sounds silly but I thought I'd ask here and see what others here have to say)? FWIW I do keep Windows Security Essentials running 24/7, and I do monthly scans with Malwarebytes also. Scans with each of those just now revealed no malware at all on my system.

    If someone was able to access my browser database for passwords, then the only way to prevent this from happening again is to get an account with something like lastpass or whatever, and use them to fill in my passwords. On the other hand, if it is a matter of hackers breaking into website servers, then there was nothing that I could do to prevent that--apart from using different passwords at each website I log into, which is a pain.
     
  2. 2020/09/21
    TonyT

    TonyT SuperGeek Staff

    The key to this is "what kind of passwords do you use?" e.g. password length, types of characters, etc. For example, an 8 character password using upper case, lower case, number(s) and special characters doesn't take long at all to crack using password cracking tools. You may be surprised to know that others may use the same passwords and had them stolen and end up in databases of criminals. It's unlikely that your saved browser passwords were stolen because they are stored with encryption of some form.

    As for password strength, a 20 character password using all lower case is stronger than the 8-10 character mixed as above. Most all of my passwords use lines from songs I know well, with some of the words shuffled (except sites that force using other characters). An example using a Beatles song (I don't use Beatles):

    sgtlonelypeppersclubheartband is a stronger password than G9j@lPq4*(

    Evaluate your passwords here:
    Passfault Demo: Password Evaluation
     

  4. 2020/09/21
    psaulm119 Lifetime Subscription

    psaulm119 Geek Member Thread Starter

    OK, thanks, that gives me some good perspective. I won't worry about my browser giving up these passwords to a hacker, then.

    So for these nonfinancial sites that I do use my browser for, the best way to keep them from being compromised is simply to use a very long password. And if my browser is remembering them, then that shouldn't be a problem.
     
  5. 2020/09/22
    Bill

    Bill SuperGeek WindowsBBS Team Member

    I agree completely with Tony.
    To be 99.999% certain, it is highly unlikely your system was hacked. It is much more likely, as you correctly suspected, a site you have visited in the past was compromised.

    See 2020 Data Breaches | The Worst So Far

    To be sure, the vast majority of those hacked sites were hacked because of total incompetence and negligence of the site administrators and company execs! :mad:

    If you look at the HUGE Equifax hack for example. It never should have happened. The site's software developers had previously identified the vulnerability and distributed the security patch to Equifax months before the breach. But the Equifax network administrators and company execs never applied it! Why? Because they were lazy, incompetent idiots!

    And to make matters worse, another one of the biggest reasons the Equifax breach was so disastrous is most of "our" very sensitive and personal data stored on their servers was done so "in the clear" - that is, it was not encrypted! This included our full names, addresses, birthdates, driver license numbers, Social Security Numbers, credit information and more. :mad::mad::mad:

    Not just long but mixed too - that is, not just lower case letters, but upper case, numbers and special characters too. Note many sites require all that. So if me, I might use $gtl0nelyp3ppersCLubhe@rtband instead.

    Also, it is best to use unique passwords everywhere.

    Last, I personally am not a fan of saving passwords in any browser. I suspect it is safe, but I would rather use a separate password manager or safe that I can use with any browser. I’ve been using SplashID since my Palm Pilot days. Sadly, it is no longer free. Other recommended safes include Password Safe and KeePass Password Safe. Enpass and RoboForm are very popular favorites too.

    Another thing I like about using my password safe is I can easily save other sensitive information in there too. For example, all my credit card information (number, security code, PIN, expiration date), or all my kid's Social Security Numbers, bank account info and more. All encrypted, all protected behind a unique "master" password.
     
    Bill,
    #4
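
An added example, not part of any post in this thread: a small audit of a saved-password export that shows the two points raised above, how many sites share one password and how length compares with character mix under exhaustive search. The `name,url,username,password` column layout and all sample rows are assumptions constructed for the example; the two passwords are the ones quoted in the thread.

```python
import csv
import io
import math
import string
from collections import defaultdict

# Constructed sample in the assumed export layout (name,url,username,password).
SAMPLE_EXPORT = """name,url,username,password
forum,https://forum.example/login,paul,G9j@lPq4*(
shop,https://shop.example/account,paul,G9j@lPq4*(
news,https://news.example/signin,paul,G9j@lPq4*(
music,https://music.example/login,paul,sgtlonelypeppersclubheartband
"""

POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation)

def brute_force_bits(password):
    """log2 of the search space when every string of this length over the
    character classes in use is tried. Exhaustive search only: guessing
    from word lists or previously leaked passwords is not modelled."""
    pool = sum(len(p) for p in POOLS if any(c in p for c in password))
    return len(password) * math.log2(pool) if pool else 0.0

def audit(export_text):
    """Group sites by password; most-reused password first.
    The passwords themselves are never placed in the report."""
    sites = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        sites[row["password"]].append(row["name"])
    report = [
        {"sites": sorted(names), "reuse": len(names),
         "length": len(pw), "bits": round(brute_force_bits(pw), 1)}
        for pw, names in sites.items()
    ]
    return sorted(report, key=lambda r: -r["reuse"])

if __name__ == "__main__":
    for r in audit(SAMPLE_EXPORT):
        print(f"{r['reuse']} site(s) share one {r['length']}-char password "
              f"(~{r['bits']} bits brute force): {', '.join(r['sites'])}")
```

A password that appears on several rows means one breached site exposes every other site in that group, which is how a handful of passwords becomes over a hundred alerts.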
