"Safari" security warning

[BlueMacawBird]

I recently upgraded my 27" iMac (18,3) to Big Sur. Running Safari (15.1) I have received a few messages warning that one of my passwords is compromised, and suggesting that "Safari" can help fix it. This is the message that I've seen:

I do not trust this at all, and I have not heard of Safari issuing such a warning. Needless to say I did not click that option. I have not seen such a message on my other machines.

I have scanned this machine with Malwarebytes, and it did not find anything on the machine. It's scan only took a few seconds, and I've wondered how thorough it really is.

So, has anyone seen a message like this? Is it a valid Safari message?

Thanks,

John

 

[chabig]

I don’t think that’s valid. Just ignore it.

 

[BlueMacawBird]

That's what I've been doing, but the bigger issue is, does that message mean that I have an active infection of some kind on my machine that needs to be dealt with.

 

[chabig]

No. It’s just an image on a web page that’s designed to look like a pop up alert.

 

[BlueMacawBird]

First, I should have said that the message appears when I open a new tab and my favorites are displayed. So I don't think I have gotten as far as a web page at that point. It has only appeared two or three times, which is two or three times too many.

I would like to find out what is causing it so I can get rid of it.

 

[chrfr]

I recently upgraded my 27" iMac (18,3) to Big Sur. Running Safari (15.1) I have received a few messages warning that one of my passwords is compromised, and suggesting that "Safari" can help fix it. This is the message that I've seen:


View attachment 1912578

I do not trust this at all, and I have not heard of Safari issuing such a warning. Needless to say I did not click that option. I have not seen such a message on my other machines.

I have scanned this machine with Malwarebytes, and it did not find anything on the machine. It's scan only took a few seconds, and I've wondered how thorough it really is.

So, has anyone seen a message like this? Is it a valid Safari message?

Thanks,

John

This is a legitimate warning. See this thread.

 

[svenmany]

Are you getting that popup on more than one website? If so, then there is some local problem on your machine that needs to be addressed. If it only appears on a single website, then @chabig is probably right.

If you hover over the link, it should display the url that would be submitted. What is that URL?

 

[BlueMacawBird]

This is a legitimate warning. See this thread.

Thanks, that is exactly what I needed to see. So the warning is indeed part of either Safari, or MacOS, and does not mean that my machine is compromised?

I'll change the password on any account mentioned and ensure that it is a good, strong password.

 

[BlueMacawBird]

Are you getting that popup on more than one website? If so, then there is some local problem on your machine that needs to be addressed. If it only appears on a single website, then @chabig is probably right.

If you hover over the link, it should display the url that would be submitted. What is that URL?

The popup did not appear on a website, it appeared when opening a new tab, before entering the desired site.

The popup did not include a URL, it had an action button. Which I did not use.

 

[NoBoMac]

Does not mean machine is compromised, just the password for that site.

Can verify legit by going to Safari > Preferences > Passwords. Will get a list of warning/recommendations on the left side that show problematic accounts. If legit, will see that website listed in the report as being compromised.

 

[BlueMacawBird]

Does not mean machine is compromised, just the password for that site.

Can verify legit by going to Safari > Preferences > Passwords. Will get a list of warning/recommendations on the left side that show problematic accounts. If legit, will see that website listed in the report as being compromised.

Thanks, I did not know that was there and it is very useful. Interestingly, it listed three entries for the same web page, only one of which is currently live with a strong password. The others are old and had weak passwords, and I deleted them. I'm surprised it kept the old ones when I updated the password some time ago. So now I should no longer see the warning message.

 

[svenmany]

Thanks, I did not know that was there and it is very useful. Interestingly, it listed three entries for the same web page, only one of which is currently live with a strong password. The others are old and had weak passwords, and I deleted them. I'm surprised it kept the old ones when I updated the password some time ago. So now I should no longer see the warning message.

Did you see the same type of warning inside that password panel - a warning about a data leak?

 

[BlueMacawBird]

I believe so; there was a yellow triangle next to one of the two old entries and I think it did display the same message as the popup.

 

[NoBoMac]

The other take-away re: legit is that it originally showed up on the start page for Safari, where it lists your Favorites, Siri Suggestion, Frequently Visited, etc. Lower right corner three slider icon to set/change.

 

[now i see it]

New versions of safari have a rainbow table of hacked passwords that became available after mega breaches of millions of users online. Safari is comparing your stored passwords with that table and if there’s a match, it’s asking you to change it.

Brute force hackers of websites use the same rainbow tables to try to crack passwords. If you don’t have a similar password, the hacking machine can’t make a match.

 

[Ruggy]

Hi
I think you've got all the relevant info now that it is valid, it comes from Keychain etc.
Just one thing to emphasise: it doesn't necessarily mean your machine or your password has been compromised just that it has been used by someone else that has been compromised.
Also often there's nothing really wrong with the password except you've reused it or they consider it too easy to guess so they are just trying to get you to use good practices.