How to get rid of bogus "Compromised Password" message on Safari

Change Passwords preferences on Mac indicates that you may have selected "Detect compromised passwords."

I would go directly to the website mentioned and change the password. You should be able to find them in the Password Preferences without clicking the link.

Suzan52 wrote:

MacBook Air with macOS Monterey 12.3.1

A "Compromised Password" message has started appearing on my Safari homepage.

The exact sites it mentions differ.

I am obviously not going to click on the link. That would be mighty dumb.

However how can I get rid of it?

I have tried clearing my history and that seems to work for a couple pages or so. But the message keeps coming back.

Any ideas?

Thanks!

https://discussions.apple.com/content/attachment/4016884f-bd4c-4427-bf53-df2f3cb2b46e

You have a setting in Safari>Preferences>Passwords you can uncheck the box

It's a legitimate popup almost certainly. Passwords & Privacy – Apple Support (UK).

You should change those passwords, but to make sure you understand, your account wasn't compromised. The password you are using on those accounts was found in a data leak.

So, all of those passwords are published to the brute force dictionaries. In general, I would not expect Amazon to be susceptible to a brute force attack, but combined with some other zero-day exploit, they might.

The fact that someone could exfiltrate a list of passwords demonstrates that there are many services that do not understand security in the least. They should never be storing your password in any way that can be recovered. Whenever signing up for some service, you should immediately try to recover a "lost" password. If they provide your old password, you should stop using that service.

You should never re-use passwords as once one is discovered, they will try using the same password on any possible account anywhere that sounds like it might be yours.