This Password has Appeared in a Data Leak

·

·

This password has appeared in a data leak

“This password has appeared in a data leak” is a disturbing message that a number of iPhone and iPad users have been seeing lately in the Passwords menu of their Settings app. This alarming message has been a hot topic in Apple forums where people have been concerned about why they are getting it and what they should do about it.

If you have checked your iPhone or iPad’s passwords menu and you have found a warning telling you “This password has appeared in a data leak, which puts this account at high risk of compromise. You should change your password immediately” or another variant of the message warning you about “Easily guessed” or “Reused” password, then you should definitely take it seriously.

What this message basically indicates is that the password you are using for your account has been made publicly available on the web space.

iPhone Apple data leak message

Unfortunately, in this digital era, no one is fully protected against data leaks. Big and small businesses and their websites and servers are hacked all the time by active cybercriminals and people with malicious intentions. Known data leaks are typically stored in public databases that are available online. These databases allow you to manually search them for your passwords, see which websites have suffered data leaks, and even receive personal alerts about credential leaks related to your accounts.

But how does Apple know that your passwords have appeared in a data leak? Well, this is a new feature built into iOS 14 called “Security Recommendations” that monitors your passwords and notifies you if they are too weak, if you are reusing them, or if they show up in known data leaks.

In case you have just updated your iPhone or iPad to iOS14 or you are already using this iOS version, you can find the “Security Recommendations” feature in the Passwords menu of the Settings app.

On your iPhone, this feature can be turned ON and OFF when you go to Settings >>> Passwords >>> Security Recommendations>>> Detect Compromised Passwords.

When turned on, the service checks if any of the sites you have accounts on has been pwned, then checks the last date you updated your password. If the date of your last password update is older than the date when the site was pwned, then you’ll see a warning on your Apple device.

The new “Security Recommendations” feature does that monitoring automatically and matches your stored passwords against known databases with leaked passwords. If there’s a match, you’ll be alarmed by a “This password has appeared in a data leak,…” message.

The alert may be shown even if you don’t have a password leak of your specific account. For instance, if a 123456 password (a terrible password choice, by the way) has leaked online and you are using the same password for any of your accounts, you will get a warning message because the service compares your current password with the one that has become publicly available in known database leaks.

In any case, iPhone Apple data leak message is an indicator that your password’s strength may not be very reliable and you should better update it.

Users of iCloud Keychain may be greeted with a “This password has appeared in a data leak,…” or a similar security alert on all their synced devices, including iPhone, iPad, and Mac.

On your iPhone, you can customize the settings of your iCloud Keychain and change or remove passwords from Keychain by navigating to Settings >>> Passwords. All security recommendations and warnings related to your passwords will be visible there.

The most “high-risk” message of them all is the “This password has appeared in a data leak, …” message. Another warning message that may be displayed as a security recommendation may warn you if “You’re reusing this password on other websites”. If you scroll under “Other Recommendations” you may find a notification alerting you about “Easily guessed password”.

A single tap on each of the alerts will display more information about your login details for that particular website and the date of your last password update.

What actions should you take?

If you see any Apple iPhone or Mac data leak message warnings, it is best to immediately change your password with one that is unique and strong enough. This will ensure that if your login credentials have become publicly available due to a data leak or have a chance to be breached due to being weak, once you update them, no one can use them to access your accounts.

We recommend using 1password to manage all your passwords. Easily change all exploited passwords and automatically update and store them which AES-256 encryption. The app is cross-platform which means you can automatically fill in passwords on any device using your browser of choice whether it’s Safari, Chrome and or any other.

Installing 1password – You will be prompted to create an account. Afterward, 1password will install as an extension to your existing browser. Whether you are using Safari, Chrome, or Firefox you can now access and sync all of your passwords from one account.

Tips on password protection and best security practices

Your first concern if you see a “This password has appeared in a data leak,…” message should be how to protect your account from being accessed by other people. This can be done by creating a new password that:

  • includes different symbols, numbers, and letters in a hard-to-guess combination
  • has a minimum of twelve to fourteen characters
  • is unique for that specific account and not used in other accounts
  • does not contain real words or common phrases
  • does not contain personal details about you that could be found elsewhere (such as name, birthday, etc.)

If you find it hard to create such a password, you can use iCloud Keychain or some other password manager of your choice to generate and save unique and complex passwords that can protect your accounts.

To change passwords on your iPhone, go to Settings >>> Passwords >>> Security Recommendations and select Change Password on Website.

A good security practice that can add an extra security layer to your account and help you avoid password breaches is to switch on a two-factor authentication function in your iPhone or iPad”. Here is how to do it:

  1. On the home screen tap on the “settings” option.
  2. Next, at the top of the setting screen tap on your name.
  3. Then, tap on “password and security”
  4. You will find the option “two-factor authentication”.
  5. Tap it to turn it ON.

Password Managers

Passwords Managers such as 1password ensure a high level of security with the ease of access to all your passwords and other sensitive information that you wish to store with just one Master passwords

Your Master Password is used locally to decrypt your data. It then uses several layers of security to authenticate your devices and only provides you with your (encrypted) data on those devices.

Check out TrustPilot to see what people think about 1password.

More Tips

Another tip that helps to keep your iPhone, iPad, or Mac safe is to regularly update all software that you are using. The majority of users are typically careless when it comes to app updates but this is one of the ways they lose their passwords in data leaks. Regular software updates are important for your online safety, thus, we recommend you set your applications to auto-update so that all the latest updates and security patches can be installed immediately after their release.

Also, it is a good idea to update the passwords of old and inactive accounts since these are the most common target of a password attack. You should not forget about them because people with malicious intentions can easily hack your login credentials and access sensitive data from those inactive accounts. If you don’t use an account and don’t plan on using it in the future, better deactivate or terminate it as another step towards your online protection.


14 responses to “This Password has Appeared in a Data Leak”
  1. Richard Dietzen Avatar
    Richard Dietzen

    iPhone password under settings is not saving newly listed (using suggested or created) passwords to list on multiple sites, is that being prevented by the site?

    1. Martina Nikolova Avatar

      Hi Richard. It could be that the websites doesn’t support this function. Try installing the chrome browser on your phone, I think will will have better results.

  2. Tracy Avatar
    Tracy

    For the recommendations, there is “high priority”. What does it mean?

    1. Martina Nikolova Avatar

      Could you please be more specific where these “high priority” recommendations are.

  3. Apolo Avatar
    Apolo

    So basically Apple can detect my (strong) password has been in a data leak for my bank but my banking institution doesn’t?
    Another issue is for those who have a mix of devices other than Apple. Storing and accepting strong automatic passwords on one OS doesn’t automatically transfer it to different OS devices. Which makes for very annoying management…

    1. Sarah Avatar
      Sarah

      I use a password app, Lockwise by Firefox. Because it’s browser based, it’s more easily transferable between iOS and PC environments. With all the passwords we need these days (and don’t forget you can’t reuse them 🙂 ). I don’t know how anyone could continue without a password manager

  4. Gems Avatar
    Gems

    I changed my passwords when I saw this message and the message didn’t go away, it’s still saying that there was a data leak. Is there a reason that I’m still seeing this message even after changing my password?

  5. Chris Leibel Avatar
    Chris Leibel

    Norton informed me about my google password got compromised about 5 minutes ago. Once I got the message, I immediately changed the password right there without any delay.

  6. Chris Avatar
    Chris

    How would you address the “…password for your “[websitename.com]” account has appeared in a data leak…” warning for a site that is no longer live? Do you suppose it’s a keychain memory or cache issue? Any thoughts on how to clear it?

    1. Martina Nikolova Avatar

      That is a good question. I will look into this and see what I can find.

  7. Sahara Avatar
    Sahara

    I have hundreds of passwords… All seem compromised. This is gonna take forever! Is this is really what I have to do? Change them all?

    1. Martina Nikolova Avatar

      Unfortunately this is the safest option. You can use a password manager to create more complex passwords and store then securely.

  8. R Avatar
    R

    Hi,

    I am hoping to see this notification a second time to see which passwords need resetting. Where can I see the list of breaches?

  9. jerry Avatar
    jerry

    Thanks for your information.

Leave a Reply

Your email address will not be published. Required fields are marked *