Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Password Data Leak
- Thread starter Ameer_1
- Start date
- Sort by reaction score
It's this kind of thoughtful product engineering that only Apple can do.
They sweat the minutest of details so you don't have to.
They sweat the minutest of details so you don't have to.
@Ameer_1 Good catch — go ahead and change that password, and use auto generated passwords in a password manager so you don’t reuse passwords in case of leaks like that.
@dumastudetto
@dumastudetto
This feature was literally copied from 1Password’s Watchtower feature, and I believe both just wrap Have I Been Pwned (HIBP). But I agree that it’s a nice feature!
Safari and macOS can generate those messages:
Password security recommendations
In iOS, iPadOS, and macOS, Password AutoFill marks a user’s saved passwords as weak, compromised, reused, or leaked.
support.apple.com
Change Passwords settings on Mac
On your Mac, view, add, or edit the user name and password or passkey you saved for a website.
support.apple.com
BUT, I agree that context and caution are important here. I would not click the button in the popup window (go to the affected website using a known safe address in a web browser), especially if the popup appeared when visiting a website or using an app for the first time. In any case, if the warning is not legitimate (an attacker could easily generate graphics identical to Apple’s), changing a password by directly going to an organization’s website won’t cause any harm.
Last edited:
I'm might sound a little silly here, but if I use key chain or safari generated passwords, they'll be very difficult to remember of wanting to log on on another device.
The picture the OP posted is real and he should change his password. The data breach for that message is tied to one of your email accounts, which you should also change the password for.
