Password in data leak

Hi, I’ve just checked on my passwords section on my iPhone 11 and it’s telling me my password has been detected on a data Leak and telling me I should change most of my passwords... is this right? Do I change them by clicking the link from my phone?

iPhone 11, iOS 14

Posted on Nov 17, 2020 12:12 PM

Question marked as Top-ranking reply

Posted on Feb 24, 2021 6:14 AM

Kimmsolo wrote:

Hi were you able to identify what it meant ? I just got that pop up today too . One where it showed all my apps saying that they’re at risk and that I should change the password. It said password leaked . I’m really worried that someone actually has access to my passwords. Did you solve the issue ?


Please skim the replies in this thread.


Solving this issue involves changing one or more of your existing passwords to new and unique and preferably more robust passwords.


Getting warnings—each warning can have details of what happened—usually means a password was re-used across more than one website or service, and one (or more) of the places where that password was used—often with an email address to identify the user—leaked the email address and the associated password.


People (now including Apple) are building up databases of the email addresses, and each password associated with that address.


Some like Apple are notifying their users. Others are nefarious, and are using these same server breaches and the passwords exposed, and are trying these passwords across other services; what’s sometimes called “cramming”.


What to do?


Change your exposed password(s) to a new and unique value.


To see which passwords are involved:


If you’re on iPad or iPhone, use Settings > Passwords > Security Recommendations

On macOS, Safari > Preferences > Passwords can show you warnings on passwords


Some folks here might fear viruses and virus warnings and the “YOU HAVE A VIRUS” pop-ups, but it’s duplicated / re-used passwords that are how a whole lot of us are getting in trouble.

Feb 7, 2021 1:20 PM in response to amynbp

I scrolled through and a lot of mine were really old sites that I have not engaged with in years. I changed all of the passwords for sites I use regularly or even once in a while, but didn’t bother with the rest. It’s alarming that passwords are so easily obtained. I’m setting reminders to go in and change all of my critical ones on a monthly basis in hopes that it will improve my odds. I didn’t change any of my passwords using the embedded link in the alert on my phone. I used my laptop and went to each site directly.

Mar 7, 2021 6:13 PM in response to Andphrew

Andphrew wrote:


The same thing happened to me which got me thinking that maybe my entire phone is hacked... is that possible


Technically an iPhone can be hacked, but that’s unlikely to be the case for most security issues, and that’s also not what the password-reuse messages are warning about. They’re warning about password re-use.


and if so what should I do?


Change to unique passwords across all services, preferably to robust passwords or generated passwords, use a password manager such as iCloud Keychain, and don’t re-use your chosen passwords.


Start the password change with the passwords flagged as having been exposed, those passwords usually exposed by server breaches where you’ve had accounts. Start with the highest-risk passwords and work through several of those passwords a day or more, or whatever works out for you to get those issues addressed soonest, and work your way through the backlog.


Why change passwords? Folks take your email address and all known associated passwords and then re-try those same credentials on pretty much any other network service on the Internet. Which will be a Bad Day for you, should your Apple ID password happen to be one of those re-used passwords. This is called “cramming”, and—unlike fears that our iPhone might be getting hacked, which is quite rare—mistakes such as password re-use are how many of us are getting in trouble.

Mar 10, 2021 6:38 AM in response to NoahBruh

NoahBruh wrote:

Yes, it’s happened to my iPhone too.


It hasn’t so much happened to your iPhone, but rather the passwords that have been used on your iPhone have been found in data leaks elsewhere, or are passwords with other related password security issues.


This re-use or weak passwords or such is then reported to you by your iPhone, to allow you to know about and upgrade your passwords.


These password diagnostics are fairly common, particularly among those of us that have re-used passwords that were, well, weak, or those of us that have reused a password exposed by a password breach elsewhere.


Various websites and services that many of us have used—services elsewhere on the Internet—have been breached, the passwords then exposed, and the miscreants then try these same passwords in logins across the rest of the Internet. Including, for instance, re-trying these breached-elsewhere logins and passwords as Apple IDs.


One of my throw-away passwords from a dozen years ago that was still present in my password Keychain ended up (through corporate acquisitions) at a completely different Internet service long after a breach at the original service, and some schmucks then re-tried that old password, and (almost) got in. With few exceptions, we’ve all been bad with a few passwords, and the server breaches are making that more of a problem.


What to do? Pick a couple of the most serious reported issues each a day or two, and fix them, or delete the accounts if they’re no longer relevant to you and your needs, and work your way through the backlog of bad passwords.


Jan 4, 2021 7:27 AM in response to Hatty1001

Well, it's easy to explain. The leak occurred at some point. And since this leak was discovered, the passwords from that leak are known.

So all leaked passwords (12345678, secret, password, ....) are stored in a public database - without relation to a user account.

And the new feature of the iPhone (and Mac) knows your stored passwords and matches them against the known database with the leaked passwords.

But don't be afraid! They scramble your password into a unique identifier. "secret" will be for example something like this "324*234çç5*ç%LFJ*OJç" (varies and depends on the algorithm). And the same is done on the other side.

If there's a match, you'll be alerted by the new feature.

So, it could also be that someone else was hacked and this person used the same password "secret". In any case, it's an indicator that your password strength seems not to be very good and you should consider changing it.

Also, you should not use the same password for different accounts.
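The two mechanisms the replies above describe, matching a scrambled (hashed) copy of each saved password against a list of leaked password hashes, and flagging a password that is re-used across several sites, can be shown in a few lines of Python. This is an added example written for this page; it is not Apple's code and it makes no claim about the exact protocol iOS uses. The breached-password list, the saved "keychain" entries and the site names are all constructed for the demo, and the prefix-bucket lookup is an assumed illustration of how such a check can avoid sending the full hash off the device. It also includes the fix step from the later replies (generate a new password that is neither leaked nor already used elsewhere).

```python
"""Added example (not from the thread, not Apple's code): simulate an
on-device password audit.  The leaked list, the saved entries and the
site names below are constructed for the demo.

Assumption: the "scrambled identifier" is modelled as a SHA-1 digest and
the lookup as a prefix-bucket query (only a short hash prefix is sent,
the rest of the comparison happens locally).  That illustrates the
privacy idea in the reply; it is not the actual Apple protocol.
"""
import hashlib
import secrets
import string
from collections import defaultdict

# Constructed "leak" corpus.  The breach side stores only password hashes,
# with no link to any particular user account.
CONSTRUCTED_LEAKED_PASSWORDS = ["123456", "12345678", "password", "secret", "qwerty"]

PREFIX_LEN = 5  # how many hex characters of the hash the client reveals


def sha1_hex(password: str) -> str:
    """Scramble a password into a fixed-length identifier (SHA-1, upper-case hex)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_leak_index(passwords, prefix_len=PREFIX_LEN):
    """Server side: index leaked hashes by prefix so a client can fetch one bucket."""
    index = defaultdict(set)
    for pw in passwords:
        h = sha1_hex(pw)
        index[h[:prefix_len]].add(h[prefix_len:])
    return index


def leaked(password, index, prefix_len=PREFIX_LEN):
    """Client side: query only the hash prefix, compare the suffix locally."""
    h = sha1_hex(password)
    bucket = index.get(h[:prefix_len], set())
    return h[prefix_len:] in bucket


def audit(saved_passwords, index):
    """saved_passwords: list of (site, password) pairs, as a password manager stores them.

    Returns {site: [finding, ...]} for every entry with a problem, listing
    both "appeared in a data leak" and "reused on ..." where they apply.
    """
    sites_by_password = defaultdict(list)
    for site, pw in saved_passwords:
        sites_by_password[pw].append(site)

    findings = {}
    for site, pw in saved_passwords:
        issues = []
        if leaked(pw, index):
            issues.append("appeared in a data leak")
        others = sorted(s for s in sites_by_password[pw] if s != site)
        if others:
            issues.append("reused on " + ", ".join(others))
        if issues:
            findings[site] = issues
    return findings


def new_unique_password(saved_passwords, index, length=20):
    """Generate a replacement that is neither leaked nor already saved for another site."""
    alphabet = string.ascii_letters + string.digits + "-_!%"
    in_use = {pw for _, pw in saved_passwords}
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if candidate not in in_use and not leaked(candidate, index):
            return candidate


# Constructed saved-password store for the demo.
CONSTRUCTED_KEYCHAIN = [
    ("shop.example", "secret"),
    ("forum.example", "secret"),
    ("bank.example", "correct-horse-battery-staple"),
    ("mail.example", "Tr0ub4dor&3"),
]

if __name__ == "__main__":
    idx = build_leak_index(CONSTRUCTED_LEAKED_PASSWORDS)
    for site, issues in audit(CONSTRUCTED_KEYCHAIN, idx).items():
        print(f"{site}: {'; '.join(issues)}")
        print(f"  suggested replacement: {new_unique_password(CONSTRUCTED_KEYCHAIN, idx)}")
```

Running it flags shop.example and forum.example twice over (the password "secret" is both in the constructed leak list and shared between the two sites), while the two unique, unleaked entries produce no warning. The point the replies make is visible in the `audit` logic: the leak check and the reuse check are independent, and a password can trip the reuse warning without ever having appeared in a breach.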

Feb 20, 2021 5:00 PM in response to lantaul

lantaul wrote:

Thank you for your response.
No, so if I wanted to change alllllll of my passwords to keychain... I would never get an alert or warning of a leak?
And if I choose to change them all I would have to do each one individually... Log in to each website and go through settings and try and figure out this keychain thing? Gosh, I hate I don’t know how to use all of the bonus features to my phone. Or pretty much all technology. Geez!! Lol


Go to.

Settings > Passwords > Security Recommendations

...Follow the directions for each password involved.


Feb 28, 2021 9:38 AM in response to cathyand80

cathyand80 wrote:

My Apple ID or iCloud mail were not breached but my Gmail email has been breached by 3 places : Houzz, Modern Business Solutions and My heritage


And those same passwords, should they have been (re)used elsewhere in conjunction with any of your associated email addresses.


Dead simple matching of email addresses to start, and that’ll be followed by testing those passwords with any other email addresses the miscreants can associate with the breached email address.


This attack against password re-use is called cramming.


Some attackers are rummaging through mail or messages at other services with matching credential pairs looking for yet more passwords or passcodes, too.

Nov 20, 2020 10:16 AM in response to Hatty1001

I found the same message after I purchased 2 TB of iCloud storage, coincided with update. I had 443 alerts under Settings-Passwords listing every single account with a Safari memorized password. Apple support tech looked at his own phone and found similar messages specifically stating "This password has appeared in a data leak, which puts this account at high risk of compromise. You should change your password immediately." He was alarmed and promised Apple Security and Privacy Department would call me about 4 days later, which they did not do. Called again yesterday and spent another hour on the phone, meticulous notes by tech, promising a phone call this morning which again did not occur. Called Apple again, got connected to Security and Privacy at last, and a technician who had no time to review the notes on the account played it down like it's a generic alert that I could turn off if it bothered me. The wording is too specific to be nothing. What else could this be but an iCloud leak? Or are the Apple engineers that loose with the English language?

Feb 28, 2021 8:48 AM in response to cathyand80

There were many hundreds of businesses hacked in the past few years, so if you had an account with any of them your password was stolen as part of the attack. There is no way to know which of these corporate security breaches your account data was specifically stolen from, but if you know where you used the compromised passwords you can probably figure it out.

Feb 28, 2021 8:53 AM in response to MrHoffman

MrHoffman wrote:


Lawrence Finch wrote:

There were many hundreds of businesses hacked in the past few years, so if you had an account with any of them your password was stolen as part of the attack. There is no way to know which of these corporate security breaches your account data was specifically stolen from, but if you know where you used the compromised passwords you can probably figure it out.

FWIW, the website linked previously does indicate which dump(s) included the email credentials.

Thanks; that may be a new feature; I hadn’t noticed it previously. Or maybe it’s just my inattention.
