Only around a third of users usually change their passwords following a data breach announcement, according to a recent study published by academics from the Carnegie Mellon University's Security and Privacy Institute (CyLab). From a report: The study, presented earlier this month at the IEEE 2020 Workshop on Technology and Consumer Protection, was not based on survey data, but on actual browser traffic. Academics analyzed real-world web traffic collected with the help of the university's Security Behavior Observatory (SBO), an opt-in research group where users sign up and share their full browser history for the sole purpose of academic research. The research team's dataset included information collected from the home computers of 249 participants. The data was collected between January 2017 and December 2018 and included not only web traffic, passwords used to log into websites and stored inside the browser. Based on their analysis of the data, academics said that of the 249 users, only 63 had accounts on breached domains that publicly announced a data breach during the collection interval. CyLab researchers said that of the 63 users, only 21 (33%) visited the breached sites to change their passwords, and that of these 21, only 15 users changed passwords within three months after the data breach announcement.Read more of this story at Slashdot. Click here to read full news..