📢 Newsroom Update

Apple’s new MacBook Pro features the incredibly powerful M4 family of chips and ushers in a new era with Apple Intelligence. Learn more >

📢 Newsroom Update

Apple introduces M4 Pro and M4 Max. Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

How do I really know my passwords have been compromised?

Today I got a message from my Chrome browser with 105 passwords they say have been compromised. How do I know that's true? Some of the passwords are for websites that no longer exist. Some of the websites are listed more than once. They say I should change all the passwords. A friend says that is a scam--I put in my old password and then the new one, and then someone has all my passwords. I don't know what to believe--but changing all those passwords is a pain!

MacBook Pro 13″, macOS 10.14

Posted on Jun 17, 2020 4:15 PM

Reply
Question marked as Top-ranking reply

Posted on Jun 17, 2020 4:33 PM

Whether this was a scam or not? Donno.


Some organizations do tie into available services to look for password breaches.


Facebook had reportedly implemented this check.


Other folks post up scary messages to scam folks.


It’s probable that you’ve had passwords exposed. Most of us have.


If you’ve not used unique passwords, there can be problems awaiting.


There are folks actively looking for logins using your email and old and breached passwords.


Here’s a service that looks up how widespread your email—which is usually your login on most services—has been exposed:

https://haveibeenpwned.com/


This service may well be what the report is based on, too.


And if you’ve been re-using passwords, well, these leaked passwords are being used by attackers.

4 replies
Question marked as Top-ranking reply

Jun 17, 2020 4:33 PM in response to okcole

Whether this was a scam or not? Donno.


Some organizations do tie into available services to look for password breaches.


Facebook had reportedly implemented this check.


Other folks post up scary messages to scam folks.


It’s probable that you’ve had passwords exposed. Most of us have.


If you’ve not used unique passwords, there can be problems awaiting.


There are folks actively looking for logins using your email and old and breached passwords.


Here’s a service that looks up how widespread your email—which is usually your login on most services—has been exposed:

https://haveibeenpwned.com/


This service may well be what the report is based on, too.


And if you’ve been re-using passwords, well, these leaked passwords are being used by attackers.

Jun 17, 2020 4:51 PM in response to BobTheFisherman

BobTheFisherman wrote:

Do you really think that if a browser popup says your passwords are compromised and to change all your passwords that it may not be a scam?


It wouldn’t surprise me to see Chrome or another web browser implement this feature.

From a random web site or from a random pop-up, maybe or probably not.

Depends on the website, if it’s not Chrome itself issuing a message—and I don’t use Chrome.

Competently-built add-on security—yeah, there’s a lot of trash in that market—may well implement this, too.

Again, some web sites and some services do verify these credentials.

Whether this case is a scam or not, I do not know.

I would check the password regardless.

Because leaked passwords are getting crammed into logins all over the ‘net.


ps: Safari has a handy feature to detect password reuse, for instance.

How do I really know my passwords have been compromised?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.