You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

notice of compromised passwords

MacBook pro 16inch OS Monterey. I have been getting pop up notices telling me some of my passwords are part of a data leak. Not sure if this is valid or a scam

MacBook Pro 16″, macOS 12.1

Posted on Jan 19, 2022 12:51 PM

Reply
4 replies

Feb 27, 2022 9:02 AM in response to Barney-15E

This just happened to my dad on his iPhone. It mentions over a dozen accounts with probably 3-5 unique passwords between them all. Everything from PayPal, Venmo, credit cards, to Toast and Hoopla.

Are you saying the notification is really just a password strength warning? They make it appear his whole digital existence has been leaked!


Thanks for your help!

Jan 19, 2022 3:10 PM in response to deflumeri

It's valid.

All it is telling you is you have a password that matches those found in some data leak somewhere. It doesn't mean that your specific username and that password were found.

But, that list of leaked passwords will find its way to the list of known passwords to use in a dictionary attack (brute force).

It is essentially advising you that the password may not be very strong anymore.

Feb 27, 2022 10:56 AM in response to elizbacon

Are you saying the notification is really just a password strength warning?

No.

They make it appear his whole digital existence has been leaked!

The password was found in a data leak. It doesn't mean that his account that used that password was found in the data leak. Just the same password he is using was found.


I don't know what Hoopla is, but all the rest I don't imagine even store your password. No website should ever store the text of your password. They should store some form of salted hash of the password from which the actual password cannot be recovered. If you ever use a site that will offer to recover your lost password, you should never do anything with that site.

notice of compromised passwords

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.