Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

BlueMacawBird

macrumors regular
Original poster
Jun 28, 2019
111
31
Washington, D.C. USA
I recently upgraded my 27" iMac (18,3) to Big Sur. Running Safari (15.1) I have received a few messages warning that one of my passwords is compromised, and suggesting that "Safari" can help fix it. This is the message that I've seen:


Screen Shot 2021-11-16 at 7.23.58 PM.png


I do not trust this at all, and I have not heard of Safari issuing such a warning. Needless to say I did not click that option. I have not seen such a message on my other machines.

I have scanned this machine with Malwarebytes, and it did not find anything on the machine. It's scan only took a few seconds, and I've wondered how thorough it really is.

So, has anyone seen a message like this? Is it a valid Safari message?

Thanks,

John
 
That's what I've been doing, but the bigger issue is, does that message mean that I have an active infection of some kind on my machine that needs to be dealt with.
 
No. It’s just an image on a web page that’s designed to look like a pop up alert.
 
First, I should have said that the message appears when I open a new tab and my favorites are displayed. So I don't think I have gotten as far as a web page at that point. It has only appeared two or three times, which is two or three times too many.

I would like to find out what is causing it so I can get rid of it.
 
I recently upgraded my 27" iMac (18,3) to Big Sur. Running Safari (15.1) I have received a few messages warning that one of my passwords is compromised, and suggesting that "Safari" can help fix it. This is the message that I've seen:


View attachment 1912578

I do not trust this at all, and I have not heard of Safari issuing such a warning. Needless to say I did not click that option. I have not seen such a message on my other machines.

I have scanned this machine with Malwarebytes, and it did not find anything on the machine. It's scan only took a few seconds, and I've wondered how thorough it really is.

So, has anyone seen a message like this? Is it a valid Safari message?

Thanks,

John
This is a legitimate warning. See this thread.
 
Are you getting that popup on more than one website? If so, then there is some local problem on your machine that needs to be addressed. If it only appears on a single website, then @chabig is probably right.

If you hover over the link, it should display the url that would be submitted. What is that URL?
 
Are you getting that popup on more than one website? If so, then there is some local problem on your machine that needs to be addressed. If it only appears on a single website, then @chabig is probably right.

If you hover over the link, it should display the url that would be submitted. What is that URL?
The popup did not appear on a website, it appeared when opening a new tab, before entering the desired site.

The popup did not include a URL, it had an action button. Which I did not use.
 
Does not mean machine is compromised, just the password for that site.

Can verify legit by going to Safari > Preferences > Passwords. Will get a list of warning/recommendations on the left side that show problematic accounts. If legit, will see that website listed in the report as being compromised.
 

Attachments

  • passwds.jpg
    passwds.jpg
    126.4 KB · Views: 82
Does not mean machine is compromised, just the password for that site.

Can verify legit by going to Safari > Preferences > Passwords. Will get a list of warning/recommendations on the left side that show problematic accounts. If legit, will see that website listed in the report as being compromised.
Thanks, I did not know that was there and it is very useful. Interestingly, it listed three entries for the same web page, only one of which is currently live with a strong password. The others are old and had weak passwords, and I deleted them. I'm surprised it kept the old ones when I updated the password some time ago. So now I should no longer see the warning message.
 
Thanks, I did not know that was there and it is very useful. Interestingly, it listed three entries for the same web page, only one of which is currently live with a strong password. The others are old and had weak passwords, and I deleted them. I'm surprised it kept the old ones when I updated the password some time ago. So now I should no longer see the warning message.
Did you see the same type of warning inside that password panel - a warning about a data leak?
 
The other take-away re: legit is that it originally showed up on the start page for Safari, where it lists your Favorites, Siri Suggestion, Frequently Visited, etc. Lower right corner three slider icon to set/change.
 

Attachments

  • start.png
    start.png
    135.3 KB · Views: 95
New versions of safari have a rainbow table of hacked passwords that became available after mega breaches of millions of users online. Safari is comparing your stored passwords with that table and if there’s a match, it’s asking you to change it.

Brute force hackers of websites use the same rainbow tables to try to crack passwords. If you don’t have a similar password, the hacking machine can’t make a match.
 
Hi
I think you've got all the relevant info now that it is valid, it comes from Keychain etc.
Just one thing to emphasise: it doesn't necessarily mean your machine or your password has been compromised just that it has been used by someone else that has been compromised.
Also often there's nothing really wrong with the password except you've reused it or they consider it too easy to guess so they are just trying to get you to use good practices.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.