
Yoda Mann

macrumors member
Original poster
Nov 11, 2012
Forbes headline reads, “16 Billion Apple, Facebook, Google And Other Passwords Leaked — Act Now” yet nothing but crickets at MacRumors. What’s the story?

“leak is the work of multiple infostealers”

Translation: it’s not a “leak”. It’s a list of passwords acquired from individual computers using malware. This has nothing to do with Apple. Typical MSM BS.
 
What’s the story?
There is no story. It's Forbes clickbait. Companies like Apple, Facebook, Google don't know your passwords, so there can be no truth to this story. Passwords don't work like that. Instead, when you create a password, it's run through a hashing function and they save the hash. When you log in, your typed password is again hashed and compared to the saved hash. If they match, you're in. If they don't, your password was wrong. This is also why when you click the "Forgot password" button, they can't tell you what the password was. They don't know, so they send a reset link instead.
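The store-the-hash, re-hash-at-login flow described in the post above, as an added example that is not part of the original thread. The per-user salt, the PBKDF2 work factor and all function names are assumptions chosen for illustration; the unsalted SHA-256 function is included only as a contrast to show why identical passwords should not produce identical stored values.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def create_record(password: str) -> dict:
    """What a site stores at sign-up: salt, work factor and hash, never the password."""
    salt = secrets.token_bytes(16)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def verify_login(record: dict, typed: str) -> bool:
    """At login: hash the typed password with the stored salt and compare."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", typed.encode("utf-8"),
        bytes.fromhex(record["salt"]), record["iterations"],
    )
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def unsalted_fast_hash(password: str) -> str:
    """Weak scheme shown for contrast: same password always gives the same hash."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def demo() -> dict:
    pw = "correct horse battery staple"  # constructed sample password
    alice = create_record(pw)
    bob = create_record(pw)  # a second account that reuses the same password
    return {
        "right_password": verify_login(alice, pw),
        "wrong_password": verify_login(alice, "Correct horse battery staple"),
        "password_in_record": pw in repr(alice),
        "salted_records_match": alice["hash"] == bob["hash"],
        "unsalted_records_match": unsalted_fast_hash(pw) == unsalted_fast_hash(pw),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
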
 
I feel that if this was an actual leak then Apple, Google etc. would be falling over themselves to put out statements about how our privacy is extremely important to them. As far as I can tell, that hasn't happened. It appears that this is the work of malware (probably for Windows) spying on browsers and sending all the passwords off somewhere. Given the sheer number of accounts I suspect it's been running undetected for quite some time, and that the "story" here is that the data set has now been published.

I suggest using a service such as Have I Been Pwned to see whether your passwords have been copied. I suspect that Mac users are going to get off lightly due to Apple's password manager recommending randomly-generated passwords that are unique to each website.
 
The news can be found in the Associated Press headlines. A security firm I correspond with told me the news over a week ago. It is possible that Apple accounts haven't been compromised, but several networks have been mentioned.

More details about the data breach for those interested:
 
There is no story. It's Forbes clickbait. Companies like Apple, Facebook, Google don't know your passwords, so there can be no truth to this story. Passwords don't work like that. Instead, when you create a password, it's run through a hashing function and they save the hash. When you log in, your typed password is again hashed and compared to the saved hash. If they match, you're in. If they don't, your password was wrong. This is also why when you click the "Forgot password" button, they can't tell you what the password was. They don't know, so they send a reset link instead.
If the hashed passwords have been leaked, criminals can crack them by deploying compute resources to break them. This is why haveibeenpwned exists.
 
If the hashed passwords have been leaked, criminals can crack them by deploying compute resources to break them. This is why haveibeenpwned exists.
Indeed. I recommend this Computerphile video to anyone interested in how this works, how easy it is, and why unique passwords are essential. The first four seconds of the video ("Everyone's passwords are terrible and they should change them right now.") is the key takeaway.
 
Ditto earlier comments.

And could be old school phishing going on.

Usually don’t get these but got a spam text for an account for a relative I have access to the other day. Never access via public Wi-Fi and only via iOS app or computer at home. Came from a random number, addressed to multiple people across the country, wrong URL for the site. Delete > Report Spam. Seen a bunch of “iCloud locked” spam and ilk on relatives’ email accounts (trained them to ignore and delete).

That said, got a letter today reporting that my doctor’s office got hacked a year ago. Luckily, as others mentioned, random password protects everything else. And 2FA on accounts that support it, credit reports locked/frozen for a number of years now (also cuts out credit card offers, etc snail mails).
 
It's because it's kind of a nothing burger, news sites keep posting that article to get their daily clicks and honestly just to scare people that are not that tech savvy.

In short it's just a dataset that includes passwords from past data breaches.

If you want to know more, Mutahar made a great video about it!
 
+1 all “why read Forbes” comments. Unless one is really anti-Apple. Forbes loves their anti-Apple articles and seems to have been that way for ages: gets themselves clicks.
 
Forbes headline reads, “16 Billion Apple, Facebook, Google And Other Passwords Leaked — Act Now” yet nothing but crickets at MacRumors. What’s the story?


Because almost instantly it was then determined that the 16Bn story was fictitious and this (again) seems to be a rehash (sorry) of a bunch of old passwords.

But certainly, change your passwords and check your 2FA.
 
Wasn't there a feature somewhere in the Passwords app that would warn about hacked passwords? If yes, it could be useful in this kind of situation, especially for worriers.

Hashed or un-hashed
 
Forbes headline reads, “16 Billion Apple, Facebook, Google And Other Passwords Leaked — Act Now” yet nothing but crickets at MacRumors. What’s the story?

No aware human bothers to read anything Forbes has to say about tech. Just always ignore Forbes. If for some strange reason they are accurate for the first time don't worry about missing something because other media will have it anyway.

Not saying Forbes is useless in general, just worse than useless for tech: usually flat wrong, at best inaccurate.
 