Prudence V Posted April 5, 2021

This morning when I logged in to LS, I got an alert from my OS warning me to change my password as it had appeared in a data breach and was no longer secure. (I changed it immediately.) I don’t use this username, or password, or the email account attached to it, for any other purpose, so it seems the breach must have come from here. Has anyone else been alerted to a breach? And who would want to hack accounts on this site? It seems a bit random...

glows Posted April 5, 2021

Nothing on my end.

Wiseman2 Posted April 5, 2021

9 hours ago, Prudence V said:
> This morning when I logged in to LS, I got an alert from my OS warning me to change my password as it had appeared in a data breach and was no longer secure. (I changed it immediately.) I don’t use this username, or password, or the email account attached to it, for any other purpose, so it seems the breach must have come from here. Has anyone else been alerted to a breach? And who would want to hack accounts on this site? It seems a bit random...

You need to stop using "I love wiseman" as your password. But seriously, I've gotten these popups (not from here) randomly.

basil67 Posted April 5, 2021

no alerts received here

6ix (Senior Moderators) Posted April 6, 2021

14 hours ago, Prudence V said:
> This morning when I logged in to LS, I got an alert from my OS warning me to change my password as it had appeared in a data breach and was no longer secure. (I changed it immediately.) I don’t use this username, or password, or the email account attached to it, for any other purpose, so it seems the breach must have come from here. Has anyone else been alerted to a breach? And who would want to hack accounts on this site? It seems a bit random...

Nothing on this end, either. Have you tried putting your email address into https://haveibeenpwned.com? It will tell you the data breaches your email has been involved in.

Prudence V (Author) Posted April 6, 2021

5 hours ago, 6ix said:
> Nothing on this end, either. Have you tried putting your email address into https://haveibeenpwned.com? It will tell you the data breaches your email has been involved in.

Yeah, the email account itself is secure; the warning related specifically to my username and password on this site. It’s happy since I changed it, and if no one else is getting warnings, maybe it was just a random overzealous response from iPadOS.

Wiseman2 Posted April 6, 2021

2 hours ago, Prudence V said:
> Yeah, the email account itself is secure; the warning related specifically to my username and password on this site. It’s happy since I changed it, and if no one else is getting warnings, maybe it was just a random overzealous response from iPadOS.

Our devices and apps are designed to make us paranoid so we have to update and buy new stuff constantly. Silicon Valley has built in obsolescence down to a tee. That's why they're bazillionaires and the users are sweating bullets wondering why everything needs chronic updating, replacement, etc. In fact the latest version of Windows updates can't even be turned off. So there you are in the middle of something and boom it slows to a crawl or just decides that you've put it off too long and restarts itself. Of course then there's a crapton of bloatware to uninstall. Apple products tend to be better machines and software, but they're catching on.

Edited April 6, 2021 by Wiseman2

Shining One Posted April 6, 2021

4 hours ago, Prudence V said:
> Yeah, the email account itself is secure; the warning related specifically to my username and password on this site. It’s happy since I changed it, and if no one else is getting warnings, maybe it was just a random overzealous response from iPadOS.

I'm not familiar with the inner workings of the iPadOS password breach detection software, but if it works in similar fashion to other breached password detection tools, it functions like this:

1. Your password gets hashed (converted into a unique, longer string using non-reversible encryption).
2. Your device sends a part of that string to a server which contains a list of hashed passwords that have been breached.
3. The server returns a list of all hashed passwords that match the partial string.
4. Your device compares the complete hashed password against the hashed password list received from the server.
5. If the hashed password appears in the list, you receive a warning.

You will note that it's only checking the password and not a combination of username / email address and password. Thus, if someone else used the same password as you on a different site and that site got breached, you will receive this warning.
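
The lookup described in the post above, as an added example that is not part of the original thread and is not Apple's implementation. It assumes SHA-1 and a 5-hex-character prefix (modeled on the Pwned Passwords range API), an in-memory stand-in for the server, and constructed sample passwords; all function and class names are hypothetical.

```python
import hashlib
from collections import defaultdict

PREFIX_LEN = 5  # hex chars sent to the server (assumption, as in the Pwned Passwords range API)

def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

class BreachServer:
    """Simulated lookup service: stores hashes of breached passwords only."""

    def __init__(self, breached_passwords):
        self.buckets = defaultdict(set)   # hash prefix -> set of hash suffixes
        self.seen_queries = []            # everything the server learns from clients
        for pw in breached_passwords:
            digest = sha1_hex(pw)
            self.buckets[digest[:PREFIX_LEN]].add(digest[PREFIX_LEN:])

    def range_query(self, prefix: str) -> set:
        self.seen_queries.append(prefix)
        return set(self.buckets.get(prefix, ()))

def is_breached(password: str, server: BreachServer) -> bool:
    digest = sha1_hex(password)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    candidates = server.range_query(prefix)  # only the prefix leaves the device
    return suffix in candidates              # full comparison happens locally

def check_account(site: str, username: str, password: str, server: BreachServer) -> str:
    # site and username never enter the lookup: the warning is about the password alone
    status = "WARN: password seen in a breach" if is_breached(password, server) else "ok"
    return f"{username}@{site}: {status}"

# Constructed sample data: passwords leaked from some unrelated site.
SERVER = BreachServer(["hunter2", "Spring2021!", "correct horse"])

if __name__ == "__main__":
    print(check_account("forum.example", "alice", "Spring2021!", SERVER))
    print(check_account("forum.example", "bob", "Vq7#mT2w-unique-per-site", SERVER))
    print("server saw:", SERVER.seen_queries)
```

A warning for "alice" here says nothing about forum.example being breached: the same result comes back for any site or username that uses that password.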

Wiseman2 Posted April 6, 2021

6 hours ago, Shining One said:
> You will note that it's only checking the password and not a combination of username / email address and password. Thus, if someone else used the same password as you on a different site and that site got breached, you will receive this warning.

Yep, I get this all the time. For example, if you are using 'ilovewiseman' on say any other site (regardless of email, username etc) you'll get a notice.

Prudence V (Author) Posted April 7, 2021

On 4/6/2021 at 1:36 PM, Shining One said:
> Thus, if someone else used the same password as you on a different site and that site got breached, you will receive this warning.

Thanks - that’s really helpful. I have previously had other alerts telling me that some of the other passwords in my keychain have appeared in other data breaches, but as they’ve been for user accounts that no longer exist (university logins for jobs I left decades ago, or a customer login for a business that no longer exists, etc) I’ve never bothered to do anything (they’re not passwords I use anywhere currently) but this one was current, so I reacted. Perhaps it’s time to prune my keychain

Prudence V (Author) Posted April 7, 2021

23 hours ago, Wiseman2 said:
> Yep, I get this all the time. For example, if you are using 'ilovewiseman' on say any other site (regardless of email, username etc) you'll get a notice.

I wish you wouldn’t keep broadcasting my password like that. Good thing I updated it to “ilovewiseman2”.

Paul (Board of Directors) Posted April 8, 2021

Hi all,

We do our best to keep your data safe and secure and are not aware of any data breaches. However, cybersecurity is a constantly moving target, with bad actors constantly evolving new ways to attempt to circumvent protections. Fortunately, there are steps you can take to mitigate your personal exposure.

On 4/6/2021 at 2:31 AM, Prudence V said:
> It’s happy since I changed it, and if no one else is getting warnings, maybe it was just a random overzealous response from iPadOS.

As @Shining One shared, this particular alert is coming from a feature of Apple's software that is comparing your password to those that have been used in other places where passwords are known to have been compromised. From Apple's support documentation: https://support.apple.com/en-us/HT212195

Quote:
> Your device may also inform you of passwords that may have been compromised in a data breach. This feature uses strong cryptographic techniques to regularly check derivations of your passwords against a list of breached passwords in a secure and private way that doesn’t reveal to Apple your accounts or passwords. Apple will send to your device a list of common passwords that are present in data breaches. For your passwords that are not in this list, your device will send information calculated from your passwords to Apple to check if the passwords may be present in a data breach. You will be warned about your passwords determined to possibly be in a data breach. Your actual passwords are never shared with Apple, and Apple does not store the information calculated from your passwords. You can disable this feature at any time by going to Settings > Passwords > Security Recommendations.

This means that someone, somewhere happened to use the exact same password on a service whose passwords have been compromised.

Attackers know that many people reuse passwords across multiple services, so while you might think the password you use here isn't very valuable to anyone else, they know there's a chance you might use the same email address/username and password on your bank's web site. Attackers are also able to use this data to see what sorts of passwords are frequently used and can guess what yours might be.

It's a good idea to use unique passwords or pass phrases for every account you control--never reuse or share a password for different accounts, sites, and services. People have lots of accounts, so consider using a password manager that generates random passwords for you to help keep it all organized and ensure that all of your passwords are unique, random, and secure. Also, consider activating two-factor authentication from within your account settings.

You can learn more about other ways to protect your account by visiting Staying Safe on LoveShack.org.

If you have any concerns, please reach out!

Best,
Paul

Edited April 8, 2021 by Paul