iCloud Keychain users might have seen this message about their passwords. If you have seen this, you may be a little (or more than a little) worried. What does this mean? Does someone have access to your accounts somewhere? Which ones and what should you do?
The message says: This password has appeared in a data breach, which puts this account at high risk of compromise. Likewise, you may also see a warning message saying “Compromised, reused password”.
See also: Keychain not working?
In this article, we will explain what it means to say that your password has appeared in a data leak, what you should do about it and how to prevent your passwords from being compromised in the future.
See also: Wi-Fi Weak Security Message on iPhone or iPad: WPA/WPA2 (TKIP) Not Considered Secure
Keychain Passwords and your Security Recommendations
When you use iCloud Keychain, your passwords are saved and updated across your devices: iPhone, iPad, and Mac. To find information about your saved passwords on your iPhone, go to Settings > Passwords. Here you can change some of your Keychain settings and edit or delete passwords from Keychain. If there are any Security Recommendations, you will see a warning here. Tap to learn more about the warnings and which passwords are involved.
See also: How To Manage Web Site Usernames & Passwords In Safari (iOS and macOS)
There are a few different warning messages you may see regarding your passwords. If there is anything “high risk” about one or more of your passwords, the warning messages will appear near the top of the page under High Priority. The most concerning is the one from the title of this article: This password has appeared in a data leak, …
Another message will tell you that you are reusing a password.
You can also see other password security messages under Other Recommendations. Here the messages you might see are: Reused password or Easily guessed password.
From the Security Recommendations page, you can tap on the message to see more information about your login credentials for that website. You will see your User Name, Password and the last date your password was modified.
See also: Set Up a New iPhone: How to Transfer Data from your Old iPhone
What Should you Do?
For any of these password security issues, you should change your password. Your passwords should be unique (i.e. not reused), and should not be easy to guess.
See also: Forgot your iPad Passcode? How to Reset to Factory Settings
Reused Password
The main issue that comes with reusing a password is that if your password is gathered in a data breach that affected one of your accounts, that password could be used by hackers to access other accounts where you have reused that same password.
See also: How to Import Chrome or Firefox Passwords to iCloud Keychain on Mac
Password that has Appeared in a Data Leak
You definitely need to change the passwords that have appeared in a data leak. If you see this message, your user ID and password have been compromised. This means that someone can use this information to gain access to your account.
See also: Safari Says: Not Secure. What Does It Mean?
You may be wondering how Apple finds out about these data leaks and knows that your info was involved. There are databases of user ID / password combinations that have been stolen from businesses and websites.
You can check if your passwords have been compromised on haveibeenpwned.com. This site collects information about data breaches. You can see which companies/websites have had data breaches, check your own passwords and set up notifications about future compromises to your accounts.
See also: How To View Saved Wi-Fi Passwords On Your Mac
Password and Security Recommendations
One thing you can do to protect your account’s integrity is to use 2-factor authentication when available. For your passwords, they should be at least 12 characters long, unique, and not be made from real words. iCloud Keychain can generate strong, unique passwords for you.
See also: How to Share Files and Folders in iCloud Drive
For the passwords that show up in your iPhone’s Security Recommendations (Settings > Passwords > Security Recommendations), you can select Change Password on Website to change your password or tap on the account, then select Change Password on Website.
Recent Articles:
I cannot remember passwords and some apps want me to type the password how on earth do I change every one of my passwords to something I can remember? Why when I changed my Apple ID on my iPad then used the link for my iPhone but later that day iPhone refuses to accept the new password for Apple ID. My iPad is working fine with it. I am not tech minded I am older how can I get help?
The link added above for “has my data been leaked” comes up with nothing, maybe Apple likes to mark files accessed by employees as “leaked” just in case, and doesn’t discuss it for appearances’ sake?
I have been a long time loyal Apple consumer like all of you as Apple has claims of tight security and great support!
Well we know now, Apple has gotten sloppy,lazy and slack on all fronts and tech support or support pages to find help is a joke and I find many of the higher rated spokesperson are rude to fellow Apple consumers trying to get answers to the issues they have ! Apple now is costly bloated technology that many of use did not mind spending the extra $$ cause Apple had our backs !!
This Apple iPhone 11 Pro Max and Apple iPad Air 3 gen are the end of my Apple purchases.
I’m in total agreement with you! We never had malware problems or data breaches in the past.. not to mention charging monthly for Word and other basic apps.. the wheel was not reinvented. Our loyalty won’t last long with treatment like this.
Steve Jobs has got to be rolling in his grave
The word processor “Word” is made by Microsoft not Apple. Apple’s version of it is called “Pages.”
I’m changing my passwords regularly and it still shows within a week or two that my new passwords are in a data leak. Does this mean my phone is hacked? I dont see how else my new passwords are known, no duplicates used
Same thing happened to me. The next day my iPhone seems to think if I log in to things on my iPad that everything is data leaked.
Even the instagram 2-identifications code generator on my other phone was leaked by this phone. I’m thinking that apple got leaked because my passwords are different for some. Was thinking of switching phones anyways and now more than ever because iphones are no longer safe as previously implied.
Well, if you see a single notification about password in data leak – someone hacked your password for that particular website.
If you see a few – you probably used same password for few of your websites.
But if you see *ALL* you passwords in the data leak – it means the key manager itself was hacked. Thanks, Apple!
If I just “delete password” on the list of problem passwords on my iPhone, what does that do? Does it solve any security issues? There are numerous data breaches and easily-guessed passwords in the list for websites I rarely visit so I don’t need a new password. I’m just not sure what hitting “Delete Password” on my phone is actually doing!
Why in the United Kingdom whenever an issue like this is raised there’s zero links nothing from apple. Supposedly most secure by looks of it because they don’t admit breaches in security!
I have 228 Security Recommendations because of a data leak? Do I need to change all of them?
I have received the same message. Makes you wonder just who had the security breach. Apple? To answe your question, according to the above, yes we have to change each and every password ‘immediately’. There does not appear to be an easy way to do this. Someone please correct me if I’m wrong.
I also have 100s of passwords that have been breached.
I came here hoping for a work-around but I guess I’ll have devote many hours updating each password one-by-one.
If you use a password manager like LastPass, there are some websites that allow LastPass to update passwords automatically with a strong randomized password. Those programs also include a good password generator that you can specify the length and complexity.