I’m getting this warning that this password has appeared in a data leak. Except this is my Apple ID password, which is random and has not been used any place else except Apple. so unless Apple got hacked what am I missing here? What don’t I get because I don’t wanna have to go through and change my Apple ID on all my Apple devices. I’m seeing this on my iPad. Version 17.4.1.
iPad Pro, iPadOS 17
If you have any reason to suspect that your AppleID account or associated Password may have been compromised, it is in your own best interests to change the Password:
If you think your Apple ID has been compromised - Apple Support
If you have any reason to suspect that your AppleID account or associated Password may have been compromised, it is in your own best interests to change the Password:
If you think your Apple ID has been compromised - Apple Support
nausky wrote:
Exact same situation here. Silence on this is pretty annoying since companies are supposed to disclose when they leak data.
Have you even considered that you might have accidentally disclosed your AppleID credentials - or perhaps are using the same username (i.e., your email address) and password for a different website or service? If so, this might account for what might appear to be compromised AppleID credentials.
Any credentials stored within your Keychain are not accessible to Apple - as the Keychain is protected by end-to-end encryption. To access the Keychain data, you require an encryption key that is only stored on your own devices within their respective Secure Enclave (i.e., the device's Security chip).
Similarly, Apple doesn't actually store your AppleID Password - but instead uses a one-way (i.e., irreversible) "hash" of your account password. Even if the "hash" was somehow breached, it is impossible to discover the original Password from the hashed-value itself.
In simple terms, when you sign-in to Apple, the Password that you provide during the sign-in attempt is used to generate another "hash" value - and this computed value is compared with the value already stored by Apple. If the values match, you are granted access; if not, the Password is incorrect and the sign-in attempt will fail. Game over.
This might shed some light on what you’re experiencing.
Password Monitoring – Apple Support (AU)
It wasn’t necessarily leaked from Apple; but it DID come up on a list; not necessarily from your account but from someone / somewhere.
Suggest you simply change your AppleID password and move-on.
Chattanoogan wrote:
This might shed some light on what you’re experiencing.
Password Monitoring – Apple Support (AU)
I suspect the OP, along with many others, will get very lost in the math...
Chattanoogan wrote:
You might find this of same interest too:
Password security recommendations – Apple Support (AU)
Indeed more useful and intelligible to the lay-reader. 🙂
Exact same situation here. Silence on this is pretty annoying since companies are supposed to disclose when they leak data.
Maybe … maybe not.
He also gave no indication of the relative entropy of his password.
But it might reduce anxiety to understand exactly what the compromised passwords are compared to.
My Apple ID Password has appeared in a data leak
