You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Is Safari pop-up legit

Today a Safari pop-up suggesting password for apple.com and others have appeared in a data leak. I have not clicked on where it suggests I can remedy this but when I go into Safari > Preferences > Passwords, I do see an ! on numerous sites. I deleted and/or changed these passwords but really, is this a thing?

Thank you!

MacBook Air 13″, macOS 12.3

Posted on May 19, 2022 1:40 PM

Reply
Question marked as Top-ranking reply

Posted on May 19, 2022 2:17 PM

Yes. That is a thing. If the password you are using is detected in a data leak Apple will let you know.


It means that a password you are using with a specific website was part of a data leak at some point. It does not mean your specific password has been used to access whatever website or service it was associated with in the leak however, just that it was part of the leaked data.


The recommendation is to update the password to one that has not been used before.


Link-> Passwords & Privacy - Apple Support

...Your device may also inform you of passwords that may have been compromised in a data breach. This feature uses strong cryptographic techniques to regularly check derivations of your passwords against a list of breached passwords in a secure and private way that doesn’t reveal to Apple your accounts or passwords. Apple will send to your device a list of common passwords that are present in data breaches. For your passwords that are not in this list, your device will send information calculated from your passwords to Apple to check if the passwords may be present in a data breach. You will be warned about your passwords determined to possibly be in a data breach. Your actual passwords are never shared with Apple, and Apple does not store the information calculated from your passwords. You can disable this feature at any time by going to Settings > Passwords > Security Recommendations.




Similar questions

4 replies
Question marked as Top-ranking reply

May 19, 2022 2:17 PM in response to SueBah

Yes. That is a thing. If the password you are using is detected in a data leak Apple will let you know.


It means that a password you are using with a specific website was part of a data leak at some point. It does not mean your specific password has been used to access whatever website or service it was associated with in the leak however, just that it was part of the leaked data.


The recommendation is to update the password to one that has not been used before.


Link-> Passwords & Privacy - Apple Support

...Your device may also inform you of passwords that may have been compromised in a data breach. This feature uses strong cryptographic techniques to regularly check derivations of your passwords against a list of breached passwords in a secure and private way that doesn’t reveal to Apple your accounts or passwords. Apple will send to your device a list of common passwords that are present in data breaches. For your passwords that are not in this list, your device will send information calculated from your passwords to Apple to check if the passwords may be present in a data breach. You will be warned about your passwords determined to possibly be in a data breach. Your actual passwords are never shared with Apple, and Apple does not store the information calculated from your passwords. You can disable this feature at any time by going to Settings > Passwords > Security Recommendations.




Is Safari pop-up legit

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.