Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

"This password has appeared in a data leak" notice on iPhone

Is there any way to find out what website the data leak was from when getting this on my iphone settings?


I want to find the culprit for me now having to change my password used on 59 other sites



[Re-Titled by Moderator]

iPhone 11

Posted on Sep 29, 2020 9:22 AM

Reply
Question marked as Best reply

Posted on Oct 18, 2020 4:02 PM

i bought an iphone 8 plus on ebay and right when i was signing in to all my accounts that i used before it always says its been in a data leak, i want to know if this is from me buying an iphone from ebay or if its just like those scam phone calls you get when they ask for your credit card information.

an example of one of the passwords that has been “leaked.” i just want to know if i have to change all my passwords, even my apple id.

133 replies
Question marked as Best reply

Oct 18, 2020 4:02 PM in response to Aqellezra

i bought an iphone 8 plus on ebay and right when i was signing in to all my accounts that i used before it always says its been in a data leak, i want to know if this is from me buying an iphone from ebay or if its just like those scam phone calls you get when they ask for your credit card information.

an example of one of the passwords that has been “leaked.” i just want to know if i have to change all my passwords, even my apple id.

Nov 7, 2020 5:33 AM in response to Aqellezra

I have a similar scenario, receiving a notification on my iPhone that approx 80 of my username/passwords are the subject of a data breach. However many of my passwords on this notification are different. Ie, not the same password across all sites. I often use a similar password but with different letters or numbers at the end.


Some of these notifications even related to my wife's email addresses and passwords, and one was my sons school log-on with different passwords.


So how can it be that all these websites have suffered data breach at the same time??


I can understand the concept of, say, a retailers website getting hacked and suffering a data breach that contains a list of all its customers including my email and password. And I get that as a precaution Apple may notify me about a potential breach for any other websites where I may have the same email & password combination. But why would I be notified of many other passwords being at risk? Is it because they may contain 'part' of the same password? But that still doesn't explain the notifications relating to my wife and sons passwords which are nothing like mine.


Its almost as if Apples whole key chain password app in my iPhone has been compromised and its spat out all the ones that don't contain a 18 key encryption.


I'm slowly working through them all again and changing them.


Thanks



Sep 30, 2020 10:17 AM in response to Johnathan Burger

I use unique passwords on all sites and have had this warning for several sites that use 5 or 6 figure number PIN's as their password (which are all different by the way).


Does this mean that:


  1. it has actually identified the website with my account username and password combo has been leaked, or
  2. just that these 5 or 6 figure number PIN's have been found on a compromised list for "someone"?


Clearly 1 causes me great concern but 2 would seem reasonable, in that there will be numerous people worldwide that would randomly choose the same 5 figure number, of which some poor sole has had their data breached.

Oct 1, 2020 7:13 PM in response to Aqellezra

Okay, here’s how this scheme works. Some service gets breached. There are lots and lots of service breaches, too.


Every password associated with each account listed in that and in every other breach is then tried on every other service.


Continuously.


Forever.


Re-use a password, and some miscreant will now have access to that service, and whatever additional access can be gained from there. Access ro an Apple,ID (and particularly one without two-factor enabled) is a Bad Day for the account holder, too.


Put differently... Duplicate passwords will get found, just as soon as there’s one been included in a server breach.


And if Apple is reporting this diagnostic, then the password is known to be associated with the account. Bad Day.


As for determining the number of breaches thar an email address has been found, see

https://haveibeenpwned.com/

Further reading over there will provide further background, too.


Resetting the phone is not necessary. Unique passwords are strongly suggested. Two-factor on important accounts such as your Apple ID, too.

Sep 29, 2020 10:28 AM in response to Aqellezra

You will never find the culprit.

Look at the news, many websites and companies are breached.

Many of them don't follow best practices of security by salting and hashing passwords.

It is estimated that 15 billion passwords are available to buy on the dark web.

Your best bet is to use a password generator to create a unique password for each and every website.

iOS has one built in, keychain:

https://support.apple.com/guide/iphone/automatically-fill-in-strong-passwords-iphf9219d8c9/ios


You can also use a service such as 1password or lastpass.

Jul 31, 2021 6:04 PM in response to boredumb

No, the warning is not a scam. Here is a lengthy explanation of how the leaked password warning is generated→Password Monitoring - Apple Support


To summarize, the leaked password list that is used for the leaked password warning came from hundreds of sites that have been hacked over the past several years (remember Equifax, that had 150 million accounts stolen, or Marriott that had over 200 million?), and the passwords have been found for sale on the dark web. There’s also a site where you can check your passwords and user IDs to see if they are on compromised password lists→https://haveibeenpwned.com. Google also has access to leaked password lists, and if you store passwords with Chrome those will be checked against these lists also.


This link describes how other warnings (weak password, reused passwords) work→Password security recommendations - Apple Support


Jul 31, 2021 7:45 PM in response to boredumb

For implementation details, see:


https://manuals.info.apple.com/MANUALS/1000/MA1902/en_US/apple-platform-security-guide.pdf#page132


On iOS and iPadOS, see: Settings > Passwords > Security Recommendations


On macOS, it’s hidden in Safari > Preferences > Passwords


If you’re getting notifications, one or more of your passwords may well be headed for trouble,



Aug 10, 2021 3:11 AM in response to ACliveB

haveibeenpwned contacts multiple famous services such as wattpad and mathway, etc to see if they have been exposed to hackers and accounts have been sold or leaked, and might also confirm that your email or phone-number is part of that list.

This methodology has some limitations however, as it relies on companies actually admitting and giving a record of emails stating that they have been hacked.

Contrastingly Apple's Keychain services use a different method. Like many VPN services like NordVPN, Keychain actually references many deep web links to compromised accounts and immediately contacts the owner. Quote:


"To verify whether a password not present in the local list is a match involves some interaction with Apple servers. To help ensure that legitimate users’ passwords aren’t sent to Apple, a form of cryptographic private set intersection is deployed that compares the users’ passwords against a large set of leaked passwords. This is designed to ensure that for passwords less at risk of breach, little information is shared with Apple. For a user’s password, this information is limited to a 15-bit prefix of a cryptographic hash. The removal of the most frequently leaked passwords from this interactive process, using the local list of most commonly leaked passwords, reduces the delta in relative frequency of passwords in the web services buckets, making it impractical to infer user passwords from these lookups."


(in short cutting through the bull-**** (excuse the french)) and is way faster and more secure of a system. Heres a link to apples website that explains it sort of well: Password Monitoring

Hope this helps!


Royce

Dec 3, 2020 7:06 AM in response to tutu786

tutu786 wrote:

But to keep passwords for every websites is insane.

No, it is not only sane, it is the ONLY way to stay relatively safe. If you use the same password for multiple sites it pretty much guarantees that you will be hacked. Use a password vault app so you don’t have to remember any of them. If you use only Apple products the built in Keychain will do nicely. But all major web browsers also have the ability to save your passwords, including Firefox, Safari, Opera, Chrome, etc. And there are quite a few 3rd party password vaults; here are some (not a complete list):

  • 1password (generally considered the best)
  • lastpass
  • SplashID safe
  • Dropbox Passwords


All of these work the same way. They store your passwords using strong encryption, and you only have to remember one password for the app itself to find any password and have it entered automatically into the website or app.

Oct 18, 2020 4:27 PM in response to kitt161

It has nothing to do with your buying a phone from eBay. iOS 14 checks passwords that you enter against a published list of compromised passwords that have been found in data leaks. You can check them yourself at https://haveibeenpwned.com and tapping on Passwords.


The greatest risk is if you use the same password on multiple sites, and/or you don’t use strong passwords (meaning at least 8, and preferably 12 character passwords that don’t any personally identifiable information).

"This password has appeared in a data leak" notice on iPhone

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.