You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

My Apple ID Password has appeared in a data leak

I’m getting this warning that this password has appeared in a data leak. Except this is my Apple ID password, which is random and has not been used any place else except Apple. so unless Apple got hacked what am I missing here? What don’t I get because I don’t wanna have to go through and change my Apple ID on all my Apple devices. I’m seeing this on my iPad. Version 17.4.1.

iPad Pro, iPadOS 17

Posted on Mar 23, 2024 5:02 PM

Reply
Question marked as Top-ranking reply

Posted on Mar 24, 2024 8:06 AM

If you have any reason to suspect that your AppleID account or associated Password may have been compromised, it is in your own best interests to change the Password:

If you think your Apple ID has been compromised - Apple Support

Update your Apple ID password - Apple Support

8 replies

Jun 12, 2024 4:31 PM in response to nausky

nausky wrote:

Exact same situation here. Silence on this is pretty annoying since companies are supposed to disclose when they leak data.


Have you even considered that you might have accidentally disclosed your AppleID credentials - or perhaps are using the same username (i.e., your email address) and password for a different website or service? If so, this might account for what might appear to be compromised AppleID credentials.


Any credentials stored within your Keychain are not accessible to Apple - as the Keychain is protected by end-to-end encryption. To access the Keychain data, you require an encryption key that is only stored on your own devices within their respective Secure Enclave (i.e., the device's Security chip).


Similarly, Apple doesn't actually store your AppleID Password - but instead uses a one-way (i.e., irreversible) "hash" of your account password. Even if the "hash" was somehow breached, it is impossible to discover the original Password from the hashed-value itself.


In simple terms, when you sign-in to Apple, the Password that you provide during the sign-in attempt is used to generate another "hash" value - and this computed value is compared with the value already stored by Apple. If the values match, you are granted access; if not, the Password is incorrect and the sign-in attempt will fail. Game over.

My Apple ID Password has appeared in a data leak

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.