JPF Home Page Forums General Messages General Message Forum Compromised Password

Apple just informed me that my password on this site has appeared in a data leak and I should change it immediately, which I have done. You might want to check. If you have an iPhone, you could try logging in and see if you get the same message. Or you could just change your password anyway. I'm no expert, so I don't know how much of a problem, if any, this will be. In my case, I suppose someone could have taken over my account and posted better songs and more intelligent comments.

Damn, that was quick! I was going to post Heavy Metal "Trump Love" songs as YOU, but I wasn't fast enough!

I hope it was really Apple...phishing has become very sophisticated....

It came up on my iPhone when I tried to log in rather than in an email. I don't know if it has to do with the fact that JPF is an unsecured site. My Firefox browser comes up with a warning that my password could be compromised when I sign in here.

Interestingly, Apple also gave me the same data leak warning for Spotify. This would appear to be based on genuine information.
https://www.digitalmusicnews.com/2021/02/05/spotify-hacked-credential-stuffing/

Is it a bad idea to use password, as a password?

I googled it Gavin and it seems these types of messages have come from Apple in the past....so I expect it's legit

And it's a Dom thing to use password as your password

That is NOT legit or we'd have every Apple user here saying the same thing. You just got phished. Hopefully you used a one off password or your other accounts using that one are now compromised.

We are NOT an unsecured site. We just didn't spend the money to update to GOOGLES preferred standards. Seriously guys, never NEVER believe any random email or text or IM or DM etc. you get no matter how convincing as 99.99% of the time it is PHISHING!

I think Brian is right... I don't connect my Apple mini to the internet anymore because, every time it updates, it gets slower and glitchier! Last year, after an update, I did a full system wipe/recovery, loaded my older saved versions of GarageBand and LogicX, turned off Wi-Fi, and I haven't had a problem with it since. It seems to me that Apple computers are just like their phones, you have to keep buying new hardware every couple of years just to keep up with the software... and Apple is so "pro google" you can't tell where one ends and the other begins.

I surf the net with a Windows10 laptop, Firefox, and google, and I have three different Email accounts; But I only use my google address to create accounts at sites like this. So, it's only my google Mail that gets spammed... I also never "sync" my computer with my phone since my other Email addresses are linked to important stuff.

My point is, google and Apple are all about tracking every little thing you do online. THEY WILL LIE TO YOU and try to convince you that, in order to be safe and secure online, you must use their software EXCLUSIVELY. So, it always makes me wonder why my other accounts never get spammed... I get those warnings about "unsecured sites/logins" all the time as well, but since I only "browse" with google... I ignore them.

I did some more research. It seems that what Apple is doing is cross-referencing your password (if you have saved it in you phone) against passwords that appear in data breaches that can be found online for use by bad people. So, it is not site specific. Unless you have used the password only on one site, you are not able to know from Apple's warning where the breach occurred, just that your password is out there.

I don't think it's Phishing. It didn't come in an email, text, IM or DM. It is a feature of the latest Apple operating system. I am inclined to believe them. However, as my post above makes clear, there is no way to know how the bad guys got hold of the password and no indication that it has anything at all to do with JPF.

As for the not secured message from Firefox, I assume it has to do with the http vs https thing. I had the same issue at one of my websites and the switch was a bit of a pain, although the fact that I use Wordpress made it a bit easier as they implemented a way to automate it in their latest release.

So I guess the takeaway might be to use a unique password for every site you sign up to, so that it doesn't matter so much if they get hold of your credentials. That might mean using a password manager.

It will cost us thousands of dollars to update the format. If anyone wants to donate the money, let me know. Otherwise it will remain as is. You should never repeat passwords on any site you frequent. The big sites get penetrated regularly, including banks and retailers. Often it is insiders who do it. These lists are all over the net to anyone willing to pay the cost. If a hacker WANTS in to your account, they will get in. It takes a password cracker minutes to find every numeric and alphabetical combination and breach your account.

Always use credit cards (never debit) and have nearly zero fear. In the USA you are not responsible for credit fraud. They can (and do) track down the sources of hacking and get their money back. This site uses no money so there's no point in hacking it. If you use any other major sites with the same password, look there for breaches. The https change was simply about further reliance on google spying and tracking. There's nothing for us by spending money outside of keeping those without knowledge of these realities scared and controlled.

Relax, they do not care about your account here. Even our tiny budget has kept 99% of spammers at bay all these years. Sure, they pop up now and then but are usually gone when someone notices.

"""So I guess the takeaway might be to use a unique password for every site you sign up to, so that it doesn't matter so much if they get hold of your credentials. That might mean using a password manager."""

"""You should never repeat passwords on any site you frequent. The big sites get penetrated regularly, including banks and retailers"""

The banks, SSA, VA, etc... typically require you to change your passwords annually anyway. So, the simple solution is, never use a Google browser or Gmail address for the important stuff; and when your Gmail "spam" folder gets full, just kill the account and create another one. Just think of everything associated with Google as "disposable" and you'll be fine.