The password for your "britishairways.com" account has appeared in a data leak...
#16
Moderator: British Airways Executive Club
Original Poster
Join Date: Nov 2010
Location: TPA/ABZ
Programs: BA Lifetime Gold. GGL/CCR.
Posts: 13,248
Yeah, the links in the Safari home page alerts like this take you to the site of the compromised account, so in this case britishairways.com to give you a little push to change your password.
I think that's really weird golfmad - if it's a 1Password generated password then it's going to be properly unique, so this means that there's been a leak of plaintext passwords from BA. They're not necessarily going to have the email stored next to them, but all the details I can find about the known BA data breach are that it included "customer details", nothing about passwords 😕
Safari does have this built-in warning but the UI for it could be improved massively by not putting in a suspicious link. Not sure how, maybe by telling you to go to Keychain and go to the change password page of the website instead of just the link.
As far as I know, the check doesn't align the username with your password, it just looks to see if that password has been in any of its leak sources anywhere, not necessarily against your username. For the security conscious, it doesn't pass/check full plain text passwords, I assume there's some cryptographic hashing or similar used. But the best course of action is what you've done and to just change your BA password to a new complex password.
If the password is in that database it would provide a neat answer that is most likely nothing to do with me or BA. Just some random coincidence that Safari spotted. I will report back.
#17
Join Date: Dec 2019
Location: London
Programs: FSPP | Virtuoso | MO Fan Club
Posts: 22
Yes, that was the first site I looked at but the main search facility only checks against email addresses or phone numbers and my details are not listed. I am currently downloading the full set of passwords from that site in order to run a search there.
As I said in post 1 that was the first thing I did.
#18
Moderator: British Airways Executive Club
Original Poster
Join Date: Nov 2010
Location: TPA/ABZ
Programs: BA Lifetime Gold. GGL/CCR.
Posts: 13,248
You can use the API to check your password against pwned passwords. First, calculate a SHA1 hash of your password. If you don't know how, you can do so at https://emn178.github.io/online-tools/sha1.html At the time of writing this site does not send entered data anywhere, but calculates the hash in your browser. Of course, that could change at any time.
For example: if you enter "password" (without the quotes) on that site you should get this result "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8"
Take the first 5 characters (5baa6) of the hash and query it against the API like this:
https://api.pwnedpasswords.com/range/5baa6
You'll get a long list of random looking letters, now use ctrl-f to search for the last part of the hash (1e4c9b93f3f0682250b6cf8331b7ee68fd8 for the purposes of our example)
If you don't get any results, your password is not in the pwned passwords database.
If you do get a result, it will look like this: 1E4C9B93F3F0682250B6CF8331B7EE68FD8:9545824
The number after the : indicates how many times this password has been seen by pwned passwords.
[The 600m+ list of hacked passwords that I downloaded is still expanding.]
#19
Ambassador: Emirates Airlines
Join Date: Sep 2004
Location: Manchester, UK
Posts: 18,613
https://haveibeenpwned.com/Passwords
I've had the same thing happen on my iPhone for my main Google account - again, a unique password used only for Google. I suspect it's an Apple bug of some sort.
#20
Join Date: Oct 2021
Location: TX
Programs: Alaska, AA, Marriott
Posts: 943
#21
Join Date: Apr 2000
Location: LAX and LHR. UA lifetime Gold 1.9MM 1K , DL Gold Medallion, HHonors Gold, Marriott Gold, Avis President's Club
Posts: 3,592
No, this is a real feature: https://www.macworld.com/article/553...d-warning.html
#23
Moderator: British Airways Executive Club
Original Poster
Join Date: Nov 2010
Location: TPA/ABZ
Programs: BA Lifetime Gold. GGL/CCR.
Posts: 13,248
Just click on the passwords tab and enter your password :-
https://haveibeenpwned.com/Passwords
#24
Join Date: Oct 2021
Location: TX
Programs: Alaska, AA, Marriott
Posts: 943
It's possible you have an old password still stored in Keychain somewhere, too, and it matched that one.
#25
Moderator: British Airways Executive Club
Original Poster
Join Date: Nov 2010
Location: TPA/ABZ
Programs: BA Lifetime Gold. GGL/CCR.
Posts: 13,248
#26
Moderator: British Airways Executive Club
Original Poster
Join Date: Nov 2010
Location: TPA/ABZ
Programs: BA Lifetime Gold. GGL/CCR.
Posts: 13,248
My wife's current (eek) password (which is in my keychain on my machine as well) is in the database. I have tried to drag her into the 1Password age but I'm having to do it one password at a time. I'm off to change hers now. Thanks for the suggestion. I think that this has solved the mystery and well done Safari!
#27
Join Date: Jan 2009
Location: OKC
Programs: IHG Spire, National Exec, AA Plat
Posts: 2,274
You can check https://haveibeenpwned.com/ to see if your account has been included in data breaches.
If I were you I'd change that password. Even if it is complex, the fact that it showed up in a previous breach makes it less secure.