
"This password has appeared in a data leak" notice on iPhone

Is there any way to find out what website the data leak was from when getting this in my iPhone settings?


I want to find the culprit, since I now have to change my password that was used on 59 other sites.



[Re-Titled by Moderator]

iPhone 11

Posted on Sep 29, 2020 9:22 AM

Question marked as Best reply

Posted on Nov 7, 2020 5:33 AM

I have a similar scenario, receiving a notification on my iPhone that approximately 80 of my username/password combinations are the subject of a data breach. However, many of my passwords in this notification are different, i.e. not the same password across all sites. I often use a similar password but with different letters or numbers at the end.


Some of these notifications even related to my wife's email addresses and passwords, and one was my son's school log-on with different passwords.


So how can it be that all these websites have suffered a data breach at the same time?


I can understand the concept of, say, a retailer's website getting hacked and suffering a data breach that contains a list of all its customers including my email and password. And I get that as a precaution Apple may notify me about a potential breach for any other websites where I may have the same email & password combination. But why would I be notified of many other passwords being at risk? Is it because they may contain 'part' of the same password? But that still doesn't explain the notifications relating to my wife's and son's passwords, which are nothing like mine.


It's almost as if Apple's whole keychain password app on my iPhone has been compromised and it's spat out all the ones that don't contain an 18-key encryption.


I'm slowly working through them all again and changing them.


Thanks



133 replies

Feb 17, 2021 3:59 AM in response to MrHoffman

"I’d tend to expect that Apple uses their own password servers and data collection, possibly proxying into haveibeenpwned or other services. Apple generates a lot of network traffic, and even light traffic from a billion devices would bury many online network services."


And how would only Apple identify compromised passwords that even security companies don't? If anything, they might flag a weaker password as compromised.


As others have said, many times your password isn't compromised. Apple wants you to change it for any number of reasons other than that.


Instead of saying specifically why, they just falsely say it's compromised. That's fear-mongering and lying.

Feb 17, 2021 6:26 AM in response to Homer888

I’ve checked the passwords that Apple flagged, and those had been in dumps of my accounts from elsewhere. In years past, I did re-use some of what I considered throw-away passwords. Anyway, you do you, of course.


As for hashes, there are two sorts in common use: digest hashes, which are fast to calculate but slow to generate collisions (matching hashes) for, and password hashes, which are intentionally slow to calculate and slow to generate collisions for. The former are unfortunately sometimes misused for passwords. The latter are designed to be resource-intensive for memory, difficult to parallelize, and expensive to implement in hardware.


Brute-forcing passwords is certainly possible, with better password hashes and longer and more robust passwords pushing that brute-forcing into decades or centuries with current hardware.


Brute-forcing involves first trying previously-used passwords (which is what Apple is flagging, here), then trying widely-used passwords, then trying variations of those, then trying every password. The lattermost effort takes a very long time with algorithms such as PBKDF2 and bcrypt, and rather less time with a password store that chose a (quicker-to-calculate) message digest hash.
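To make the digest-hash versus password-hash distinction above concrete, here is an added example (not code from any poster in this thread): a common-password pre-filter of the kind MrHoffman describes later in the thread, a fast unsalted SHA-256 beside a salted PBKDF2-HMAC-SHA256, and a measurement of how much more each guess costs with the slow hash. The common-password list, the salt and the iteration count are constructed values, not anything from the page.

```python
import hashlib
import hmac
import time

# Constructed stand-in for a "most common passwords" list; the real lists
# referred to in this thread run to five or ten thousand entries.
COMMON_PASSWORDS = {"123456", "password", "qwerty"}
PBKDF2_ITERATIONS = 200_000  # assumption: work factor for the slow hash


def is_common(password: str) -> bool:
    """Pre-filter: reject a password that appears on the common-password list."""
    return password.lower() in COMMON_PASSWORDS


def digest_hash(password: str) -> str:
    """Plain message digest (fast, unsalted SHA-256): what a password store
    should NOT use, because every guess can be checked at digest speed."""
    return hashlib.sha256(password.encode()).hexdigest()


def password_hash(password: str, salt: bytes,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Purpose-built password hash: salted PBKDF2-HMAC-SHA256, deliberately slow."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def verify(password: str, salt: bytes, stored: str,
           iterations: int = PBKDF2_ITERATIONS) -> bool:
    """Constant-time comparison of a candidate against a stored PBKDF2 hash."""
    return hmac.compare_digest(password_hash(password, salt, iterations), stored)


def seconds_per_guess(fn, password: str, rounds: int = 20) -> float:
    """Average wall-clock cost of one evaluation of the given hash function."""
    start = time.perf_counter()
    for _ in range(rounds):
        fn(password)
    return (time.perf_counter() - start) / rounds


def slowdown_factor(iterations: int = PBKDF2_ITERATIONS) -> float:
    """How many times slower one PBKDF2 guess is than one SHA-256 guess."""
    salt = b"constructed-16-byte-salt"  # a real store uses a random per-user salt
    fast = seconds_per_guess(digest_hash, "correct horse battery", rounds=200)
    slow = seconds_per_guess(lambda p: password_hash(p, salt, iterations),
                             "correct horse battery")
    return slow / max(fast, 1e-9)
```

The ratio returned by slowdown_factor is the multiplier that pushes an exhaustive search from hours into the decades the post mentions, and the pre-filter removes the guesses that would otherwise be tried first.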

Feb 28, 2021 6:46 AM in response to Lawrence Finch

If one has a common password, let’s say “qwerty”, one will with 100% probability get a warning about a breached password. But it only means that this common password has appeared in some data leak. Most likely it has appeared in some other user's username/password combination. So it doesn’t mean that your own username/password has leaked. It only means that someone somewhere used “qwerty” as a password on some site that got hacked.

Feb 28, 2021 7:04 AM in response to jarkko274

Using a weak password is certainly an issue, though both the folks providing the breach notifications and the miscreants have access to an ever-increasing number of known username and password pairs and those too receive notifications.


To see whether, and in how many breaches, your email address(es) have been caught up, visit:

https://haveibeenpwned.com/

Mar 28, 2021 5:07 AM in response to Aqellezra

I’ve had this problem ever since updating to iOS 14.4. Different logins, different passwords; every time I log in with an Apple-stored password this message pops up. It seems that the problem is not with individual logins but with Apple, either with their settings for password storage, or a leak from iCloud that Apple hasn’t yet disclosed.

Mar 28, 2021 6:32 AM in response to dimych28



dimych28 wrote:

I’ve had this problem ever since updating to iOS 14.4. Different logins, different passwords; every time I log in with an Apple-stored password this message pops up. It seems that the problem is not with individual logins but with Apple, either with their settings for password storage, or a leak from iCloud that Apple hasn’t yet disclosed.


Apple provides a list of the weak or re-used or breached passwords in Settings > Passwords > Password Recommendations.


Work through that list resolving the problematic passwords, either switching to different passwords, or to generated passwords if you’re using Keychain or another password manager.


If you’d like to know where your passwords have leaked, with breach information acquired from a different source, you can enter your email address into https://haveibeenpwned.com/



Mar 28, 2021 7:32 AM in response to dimych28

No, the problem is not with Apple. Apple is simply the messenger, telling you that a password (or passwords) that you have used have been found in published lists of passwords that have been stolen from various online sites. There are databases that are built by cybersecurity companies going to the dark web and seeing what stolen information is offered for sale by various criminal enterprises. Google offers a similar feature in Chrome, and the site https://haveibeenpwned.com can also tell you if a password that you use has been found in login information stolen from other sites.


If you want to learn about the hundreds of sites that have been hacked (many of which you probably use) Brian Krebs reports on the latest ones: https://krebsonsecurity.com. Some of the largest include Equifax, Marriott Hotels, the US Government’s personnel management agency, and many chain restaurants. And the most recent is almost all sites worldwide that use Microsoft Exchange.

Mar 28, 2021 8:13 AM in response to Lawrence Finch

If one has a common password, let’s say “qwerty”, one will with 100% probability get a warning about a breached password. But it only means that this common password has appeared in some data leak. Most likely it has appeared in some other user's username/password combination. So it doesn’t mean that your own username/password combination has leaked. It only means that someone somewhere used “qwerty” as a password on some site that got hacked.

Mar 28, 2021 8:41 AM in response to jarkko274

That’s true, and anyone who uses such a password deserves what they get. I hope that is very few people.


But what you are missing is that the databases of hacked accounts have both the user ID and matching password, so if your login is janedoe@xyzzy.com, your password is qwerty and your account is with Equifax (or any other site, like your bank, the IRS, Social Security, etc.), whoever wants to hack your account on Equifax has your login AND your password. And also your social security number, your address, your phone number, credit card numbers, your mother’s maiden name and lots of other personal stuff (because when Equifax was hacked all of that information was in their database). So even if you change your password they know enough about you to call Equifax, pretend they are you (because they know all your details) and get your password changed. Unless you have two-factor authentication on your account.


And even that isn’t a guarantee if hacking you is worth enough to them, because they can do a SIM swap and intercept your text messages. SIM swaps are risky enough so they are unlikely to do it for the average person, but there was a front page story in several papers yesterday about someone whose Coinbase account was hacked and $100,000 was taken from their bitcoin account, using a SIM swap.

Mar 28, 2021 8:46 AM in response to jarkko274

jarkko274 wrote:

If one has a common password, let’s say “qwerty”, one will with 100% probability get a warning about a breached password. But it only means that this common password has appeared in some data leak. Most likely it has appeared in some other user's username/password combination. So it doesn’t mean that your own username/password combination has leaked. It only means that someone somewhere used “qwerty” as a password on some site that got hacked.


Yes, some common passwords do get flagged as poor choices.


There are widely-available lists of the five or ten thousand most common passwords, and I’ve been using those lists as a pre-filter for password selection for various production servers for some years.


Password reuse gets flagged, too.


The bigger risk here involves passwords associated with the account (usually an email address) that have been breached.


Those password pairs then get tested everywhere else. This password attack is sometimes called “cramming”.


And breached passwords do get flagged as higher-priority password changes.


The password listing shown on iPad and iPhone (Settings > Passwords > Password Recommendations) shows the particular risk associated with each listed password. A common password is one such risk. A re-used password is a larger risk. A breached and reused password yet larger. Etc.


For readers here, look at your list of passwords, and work through the higher-priority changes down to the lower-priority changes, a few at a time or more, as time allows.

Mar 28, 2021 8:52 AM in response to MrHoffman

My point was that when you get the "This password has appeared in a data leak" warning, it only means what it literally says: the password has appeared in a data leak. It does not necessarily mean that _your_ username/password combination has appeared in a data leak. If you have a common password, it will very probably appear in some data leak, because some other user has used it.

Mar 28, 2021 9:31 AM in response to jarkko274

jarkko274 wrote:

My point was that when you get the "This password has appeared in a data leak" warning, it only means what it literally says: the password has appeared in a data leak. It does not necessarily mean that _your_ username/password combination has appeared in a data leak. If you have a common password, it will very probably appear in some data leak, because some other user has used it.


AFAIK, that’s incorrect. If the password is listed as having been included in a data leak, it’s a password pair that’s been breached.


A weak password—one that’s been used often enough in enough other leaks for enough other accounts to become considered a weak password—is flagged as a weak password. That is, it’s a poor password choice, but not a leaked pair.


In any case, this thread will continue to be discussions about weak passwords, re-used passwords, and folks including myself that have had password pairs that have appeared in breaches.


The service linked earlier will show cases where the pairs have leaked: https://haveibeenpwned.com — these are the larger risk, particularly for those of us that have then re-used the pair.


What internal and/or external password services Apple might use for their detection is not documented.

Mar 28, 2021 10:54 AM in response to jarkko274

jarkko274 wrote:

Of course. But if username Bob has password “qwerty” on site A and username Alice has password “qwerty” on site B and site B gets hacked, Bob will get the warning “This password has appeared in a data leak” although Bob’s username/password pair is not hacked.


Based on the tags shown in the password recommendations, that appears to be incorrect.


Apple refers to the commonly-used passwords as being “easily guessed”. When these cases do occur, these “easily guessed” passwords are listed in the password report available on iPhone and iPad, with an indication that the password is not a robust choice. This is seemingly what you are referring to above with “qwerty” or similarly common password selections such as “password” or “123456” or such.


Apple detects and flags others of our problem passwords as “reused passwords”, which can quickly turn into a larger problem.


The most critical password problems are what Apple lists as “this password has appeared in a data leak”. These are breached credential pairs; cases where your email address or your account name and your password are associated together and are known to others. This is a password problem just waiting for the first botnet to try that credentials pair elsewhere. Which is commonly happening, and Apple IDs can be or are valuable targets.


The “easily guessed” and the re-used passwords are of somewhat lower risk, with those becoming a more serious problem if (when?) those credentials are leaked somewhere.


Per Apple, iPhone also securely monitors your passwords and alerts you if they appear in known data leaks. If you don’t want iPhone to perform this monitoring, go to Settings > Passwords > Security Recommendations, then turn off Detect Compromised Passwords.


I’d encourage leaving this password-detection setting enabled, and resolving weak passwords and re-used passwords as reasonably feasible, and resolving breached passwords immediately.

Mar 28, 2021 10:59 AM in response to MrHoffman

It is true that there are different warnings for commonly-used passwords and leaked passwords, but that does not prove your point :) Again, it only tells you that a certain password is commonly used, but not leaked. Many commonly used passwords are also leaked (since commonly used passwords are by definition used commonly) and then Bob gets a warning if Alice's password is leaked on some other site.
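To show concretely what a password-only leak check can and cannot tell you, here is an added example that is not code from any poster and not Apple's undocumented method; it is modelled on the k-anonymity range lookup used by the Pwned Passwords service at haveibeenpwned.com, where only the first five hex characters of the password's SHA-1 leave the device. The leak corpus, the fetch_range stand-in for the HTTP call and the leak_count/flag_for_user names are all constructed for this illustration.

```python
import hashlib


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the password, the key used by the range lookup."""
    return hashlib.sha1(password.encode()).hexdigest().upper()


def build_range_corpus(leaked_counts: dict) -> dict:
    """Index a (constructed) leak corpus the way a range API serves it:
    5-hex-char prefix -> text lines of "SUFFIX:COUNT". No usernames at all."""
    ranges = {}
    for password, count in leaked_counts.items():
        h = sha1_hex(password)
        ranges.setdefault(h[:5], []).append(f"{h[5:]}:{count}")
    return {prefix: "\n".join(lines) for prefix, lines in ranges.items()}


# Constructed sample: password strings seen in leaks and how many times.
CORPUS = build_range_corpus({"qwerty": 3, "password": 5, "hunter2": 1})
QUERIES_SENT = []  # records what the stand-in "server" actually received


def fetch_range(prefix: str) -> str:
    """Stand-in for the HTTPS GET of /range/<prefix>; the server sees only the
    5-character prefix, never the password or its full hash."""
    QUERIES_SENT.append(prefix)
    return CORPUS.get(prefix, "")


def leak_count(password: str, fetch=fetch_range) -> int:
    """How often this password string appears in the corpus. The lookup is by
    password alone, so a hit says nothing about whose account leaked it."""
    h = sha1_hex(password)
    prefix, suffix = h[:5], h[5:]
    for line in fetch(prefix).splitlines():
        cand_suffix, _, count = line.partition(":")
        if cand_suffix == suffix:
            return int(count)
    return 0


def flag_for_user(username: str, password: str) -> str:
    """The notice a password-only check can justify: Bob is flagged for
    "qwerty" even though only Alice's pair was in the leaked site."""
    n = leak_count(password)
    return f"{username}: password appeared in a data leak ({n} times)" if n \
        else f"{username}: no match"
```

A pair-based check (email address plus password, as haveibeenpwned.com's account search does) needs the username as well, which this query never transmits.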
