Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

HDFan

Contributor
Original poster
Jun 30, 2007
6,562
2,824
I have received this message a few times. It looks legitimate, but wanted to check.

Screenshot 2024-03-26 at 01.46.10.png
 

WildCowboy

Administrator/Editor
Staff member
Jan 20, 2005
18,390
2,825
We have not seen any signs of a leak on our side and passwords are not stored in plain text. Our suspicion about the compromised accounts here is that they have been due to weak/reused passwords.

Note that Apple's warning does not mean that your MacRumors account information has specifically appeared in a data leak. All it means is that the password you use on your MacRumors account has appeared in a leak, with no other context.

If it's not a particularly strong password, you may see false positives from Apple's system. For example, if somebody else by chance used the same password for their account on some other site and it leaked, Apple's system will still flag it and warn you even though the leak has nothing to do with you or any your accounts. Obviously the stronger your password, the less likely you'll have a match from an unrelated place, but it still happens.
 

maflynn

macrumors Haswell
May 3, 2009
73,447
43,358
We have not seen any signs of a leak on our side and passwords are not stored in plain text. Our suspicion about the compromised accounts here is that they have been due to weak/reused passwords.
That's good to know, thanks for updating us. When I see a mod state that they seen a spate of compromised accounts, one can jump to conclusions as i had :)
 

Nermal

Moderator
Staff member
Dec 7, 2002
20,627
3,987
New Zealand
That's good to know, thanks for updating us. When I see a mod state that they seen a spate of compromised accounts, one can jump to conclusions as i had :)
Sorry: I was in the middle of something else at the time so could only write a terse reply, and I just wanted to get the "change your password" out there. As WildCowboy says, we have no reason to believe that there's been a leak at our end.
 

Chuckeee

macrumors 68000
Aug 18, 2023
1,757
4,315
Southern California
Sometime accounts names and passwords are post online with totally bogus passwords or very old passwords. They strive to make the lists look large, and all encompassing but they are not necessarily accurate. And the warnings you receive are that your account name and a password have been posted/published, not necessarily your current password
 

HDFan

Contributor
Original poster
Jun 30, 2007
6,562
2,824
Our suspicion about the compromised accounts here is that they have been due to weak/reused passwords.

The password in question was 25 characters, upper/lower case with symbols and numbers which 1Password considered a "fantastic" length. Changed it anyway.
 
  • Like
Reactions: G5isAlive

maflynn

macrumors Haswell
May 3, 2009
73,447
43,358
The password in question was 25 characters, upper/lower case with symbols and numbers which 1Password considered a "fantastic" length. Changed it anyway.
I use 1Password to create complex passwords, I also have 2FA enabled here. I usually shy away from 2FA and avoid it but various reasons its been enabled here at MR. I was close to turning it off just last week, but given what you posted, its probably safe to keep it active.
 

axantas

macrumors 6502a
Jun 29, 2015
807
1,114
Home
Note that Apple's warning does not mean that your MacRumors account information has specifically appeared in a data leak. All it means is that the password you use on your MacRumors account has appeared in a leak, with no other context.

This is the most important fact about that (useful btw.) warning from Apple. I did get the warning myself, because I use a common, "real" word as password at MacRumors - like "Icecream" for instance. But this icecream is not linked to my account in this leak.

Years ago I started to use misspelled words, because I like to keep some passwords in my head. So "Icecarem" as a simple example already could add some additional security.
 
  • Like
Reactions: G5isAlive
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.