You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

How to get rid of bogus "Compromised Password" message on Safari

MacBook Air with macOS Monterey 12.3.1


A "Compromised Password" message has started appearing on my Safari homepage.

The exact sites it mentions differ.

I am obviously not going to click on the link. That would be mighty dumb.


However how can I get rid of it?

I have tried clearing my history and that seems to work for a couple pages or so. But the message keeps coming back.


Any ideas?


Thanks!



MacBook Air (2020 or later)

Posted on Apr 28, 2022 4:07 PM

Reply
Question marked as Top-ranking reply

Posted on Apr 28, 2022 4:38 PM

Change Passwords preferences on Mac indicates that you may have selected "Detect compromised passwords."


I would go directly to the website mentioned and change the password. You should be able to find them in the Password Preferences without clicking the link.


5 replies

Apr 28, 2022 5:31 PM in response to Suzan52

Suzan52 wrote:

MacBook Air with macOS Monterey 12.3.1

A "Compromised Password" message has started appearing on my Safari homepage.
The exact sites it mentions differ.
I am obviously not going to click on the link. That would be mighty dumb.

However how can I get rid of it?
I have tried clearing my history and that seems to work for a couple pages or so. But the message keeps coming back.

Any ideas?

Thanks!


https://discussions.apple.com/content/attachment/4016884f-bd4c-4427-bf53-df2f3cb2b46e


You have a setting in Safari>Preferences>Passwords you can uncheck the box






Apr 28, 2022 5:24 PM in response to Suzan52

You should change those passwords, but to make sure you understand, your account wasn't compromised. The password you are using on those accounts was found in a data leak.

So, all of those passwords are published to the brute force dictionaries. In general, I would not expect Amazon to be susceptible to a brute force attack, but combined with some other zero-day exploit, they might.


The fact that someone could exfiltrate a list of passwords demonstrates that there are many services that do not understand security in the least. They should never be storing your password in any way that can be recovered. Whenever signing up for some service, you should immediately try to recover a "lost" password. If they provide your old password, you should stop using that service.


You should never re-use passwords as once one is discovered, they will try using the same password on any possible account anywhere that sounds like it might be yours.

How to get rid of bogus "Compromised Password" message on Safari

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.