macintoshjordan

macrumors member
Original poster
Does anyone know how to fix this? I’ve changed my password last month and from 2025 and it’s even saying it’s compromised again.

I’ve made several different passwords to try and while they remain safe some of them are still becoming compromised? I’m checking them all in the Passwords app on my iPhone.
 
I get this notification from time to time, as well. I have other people's passwords due to my work and it's usually someone else's password that gets this notification about it showing up in a data leak.
 
It's important to use UNIQUE passwords for every site/app. Otherwise if a single site gets compromised - the compromiser will try your email and THAT password EVERYWHERE - and guess what - it's gonna work 😬

Yeah it's a pain. But that's why we have password manager apps like Passwords. I "Know" perhaps 3 or 4 of my passwords - all the rest are just in the app and look like a random collection of characters (because - that's what they are).
 
Make sure all your devices are up-to-date. If they were not before the compromise, maybe consider a full reset data wipe. DarkSword exploits of WebKit vulnerabilities mean just going to a bad website can compromise your phone, tablet, computer, etc. No sense in changing them all again if hackers can see everything you are doing on your devices.
 
It's important to use UNIQUE passwords for every site/app. Otherwise if a single site gets compromised - the compromiser will try your email and THAT password EVERYWHERE - and guess what - it's gonna work 😬

Yeah it's a pain. But that's why we have password manager apps like Passwords. I "Know" perhaps 3 or 4 of my passwords - all the rest are just in the app and look like a random collection of characters (because - that's what they are).

And use passkeys where you can - either virtual or physical. Particularly for the account that secures your password locker.

If I use Apple Password Manager to store my passwords and someone gets hold of my Apple ID and Apple Password, they have access to all of those other passwords too.

Primary Email and Apple ID should be passkeys, ideally a pair of physical keys.
 
A compromised password means that it was found in a leak. It doesn't necessarily mean that your account was leaked. For example, say someone is using 'FidoDog12345' as their password and their account got leaked due to a site breach they've been using it on. If you're also using 'FidoDog12345', then all your accounts using that password will say it is compromised even though it may not have been your account that got leaked.

Just for kicks, I once added a password entry for a non-existent site and used a super random/unique username along with a common password. Within a week, it was saying it was compromised. This just shows that the site or username doesn't play a role in compromised password detection.

To prevent this from happening, use a different password for every account. Also, don't make up your own easy-to-remember passwords. Chances are that someone else came up with that password too and it could have already been leaked. Use a password generator and let the password manager remember it for you.
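
An added example, not part of any post in this thread: a small Python model of the behaviour described above, where a password is flagged because its hash appears in a leak corpus, regardless of site or username. The hash-prefix bucket lookup is an assumed, simplified model and not Apple's actual protocol; all names and sample records are constructed for illustration.

```python
import hashlib
import secrets
import string

# Constructed sample of leaked (username, password) records; not real data.
LEAKED_RECORDS = [
    ("alice@example.com", "FidoDog12345"),
    ("bob@example.com", "Summer2024!"),
    ("carol@example.com", "qwerty123"),
]
PREFIX_LEN = 5  # hex characters of the hash revealed in a lookup (assumption)


def sha1_hex(password):
    # SHA-1 is used here only as a lookup key, not for password storage.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_index(records):
    """Index the leak by password hash only; usernames are discarded."""
    index = {}
    for _username, password in records:
        digest = sha1_hex(password)
        index.setdefault(digest[:PREFIX_LEN], set()).add(digest[PREFIX_LEN:])
    return index


def is_compromised(index, password):
    """Look up the bucket by prefix, then compare the suffix locally."""
    digest = sha1_hex(password)
    bucket = index.get(digest[:PREFIX_LEN], set())
    return digest[PREFIX_LEN:] in bucket


def generate_password(length=20):
    """Random password from the OS CSPRNG, as a password manager would create."""
    alphabet = string.ascii_letters + string.digits + "-_!@#%"
    return "".join(secrets.choice(alphabet) for _ in range(length))


def audit(index, entries):
    """entries: (site, username, password) tuples; only the password is checked."""
    return {site: is_compromised(index, pw) for site, _user, pw in entries}
```

Auditing an entry for a made-up site with a unique username and the password 'FidoDog12345' flags it, while an entry using `generate_password()` is not flagged.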
 
Make sure all your devices are up-to-date. If they were not before the compromise, maybe consider a full reset data wipe. DarkSword exploits of WebKit vulnerabilities mean just going to a bad website can compromise your phone, tablet, computer, etc. No sense in changing them all again if hackers can see everything you are doing on your devices.
So a website can just hack my phone and I have to wipe it to remove the hack, sounds like a very secure product if you ask me.
 
So a website can just hack my phone and I have to wipe it to remove the hack, sounds like a very secure product if you ask me.
I’ve also been getting the black screen and loading circle every day, it’s pretty much annoying. Not sure if that means that someone is reconnecting my phone to a dos or hacking point to be untraceable and continue hacking me or if it’s a bug.
 