Apple Watch pin pwned - how?

Question

Level 1

14 points

Apple Watch pin pwned - how?

I frequently play around with HaveIbeenpwned to show friends and family the ridiculousness of some passwords, and on a whim I put in my 8-digit pin that I use on my Apple Watch that I'm relatively confident no one else would ever use as a password on a site. To my surprise it shows up as having been pwned in 1 breach! The only thing I can think of is that somehow Apple logs that PIN somewhere and Apple has been breached, but surely we would have heard about that. Other than shear coincidence that someone used my same 8-digit PIN, which isn't a pattern and is unique to me and my background, can anyone think of an explanation as to how my Apple Watch PIN would be Pwned? Unfortunately HaveIbeenpwned doesn't tell me the one breach they found this PIN in.

Apple Watch Series 9

Posted on Feb 17, 2024 8:07 AM

Reply

Answer 1

cjmurf Author

Level 1

14 points

Feb 17, 2024 8:27 PM in response to muguy

I would agree if my pin were 12345678 or some other ridiculous combination, but it is a truly unique one that isn't tied to dates or anything. Since there are 100,000,000 possible combinations out there, I find it hard to believe someone is using the same as mine. I too thought that it was only stored locally to watch, but this really has me wondering, hence the discussion.

Reply

Answer 2

Mac Jim ID

Level 5

7,162 points

Feb 17, 2024 8:53 PM in response to cjmurf

You have nothing to worry about. Obviously a PIN and Password are 2 different things. You would not enter a PIN number on a website that would be reported in a breach. The site is clearly for usernames and passwords that you would use to login. It just so happens that your PIN code was used by someone as a username or password. On top of that, your PIN number is not stored by Apple, so there is no possible way they could have leaked that information.

I put a random 8 digit number in the password search and it said it was pwned 9 times. It is not as unusual as you think. So to be clear, your Apple Watch PIN has not been pwned.

Reply

Answer 3

muguy

Level 9

75,542 points

Feb 17, 2024 8:21 AM in response to cjmurf

Your pin is only stored locally. If you’re simply entering a password to see if it appears, your 8-digit pin will most certainly not be unique.

Reply

Answer 4

muguy

Level 9

75,542 points

Feb 17, 2024 8:41 PM in response to cjmurf

As the site only provides passwords found in leaks, not PINs, someone else is obviously using the same combination for something else. That wouldn't be unusual at all.

Reply