Chat support available. Click the chat icon on the bottom right corner to start chatting with us right away!

mSecure Support

Knowledge Base Forums Submit a ticket

Compromised Passwords notification

I received notification on my iPhone that my MSecure passwords have appeared in a data leak, putting those accounts at high risk etc.

Is this for real or a scam?

Hi Nick,

Thank you for contacting us. I'm not sure what you are referring to here, and if I'm understanding you correctly, we are not the ones sending the email you are referring to. Can you give me more information about what you see in that email? If it doesn't have any of your personal information in it, can you post the content of the email here?

Hey Mike, you really do not know what he is talking about? Google 'ios password notification'. 

I too saw this alert today and have been working through all my passwords. When was mSecure hacked and why were we not alerted?

Took 4 tries for a password reset email to actually arrive. 

What is going on with the service?

I don't know anything about what either you are Nick are referring to here. To our knowledge, there has been no attempts and certainly no successful attempts at hacking into any of our systems. Also, the notification @Nick was referring to is not something we send out to our customers. It could very well be that a password he was using for one of his online accounts did appear in a data leak, but that doesn't mean any of our servers have been compromised. The passwords stored in mSecure are simply copies of the data you use to sign in to various online accounts. If an online account is hacked, that does not indicate any type of problem in mSecure. It simply means that some online account system on which he has/had an account experienced a data leak. I would have liked to have acquired more information, but I was not able to.

It is highly unlikely that you are experiencing 5 months later is related to what Nick experienced, so we need to address whatever it is you are seeing as it's on own, isolated problem. What is the message you saw? When you say "Google 'ios password notification'", what does that mean? What exactly did the message tell you?

Also, what do you mean when you say it took 4 tries for a password reset email to actually arrive? How did you go about changing your password? If you did that from the Settings of mSecure on one of your devices, the email that is sent after you change the password may not arrive for awhile, and you don't need to change the password more than one time. Did you change your password from mSecure's Settings, or did you perform an account reset from our website?

Ok....let me see if I can explain all of this to you

  1. Apple Computer Inc has a massive highly skilled security team that looks for data leaks of users passwords for instance 'mSecure'. When a leak is reported for a site, that a user has a password for on an IOS/iPadOS or macOS device, the device presents an alert to the end user. 
  2. With all due respect I trust Apple's SEC team far more than yours. If I cross reference all of the other sites they state my password has been compromised on, as I did Sunday morning, I find all of those passwords no longer work. Which means the owner of the site was alerted their user passwords had been compromised so they invalidated ALL of them. During my check on Sunday I found a 100% correlation in what Apple reported to sites where my old password no longer worked. Therefore I would advise mSecure to look in to things. 
  3. You are correct that YOU(mSecure) does not send the alert. It is handled by Apple to any device where the password has been used. I attached a screenshot of the iPadOS alert. You may want to look at it. 
  4. You would be very wrong regarding that what I am seeing and what Nick saw are not the EXACT SAME THING. You simply have to put together he was alerted by Apple, using the same method they alerted me with, to multiple websites having their passwords leaked inlcuding mSeven. I find your abject resistance to accepting any responsibility in this matter pretty amusing.
  5. Not sure how I can be more clear about the password reset email. I hit the button once and waited....10 minutes with no reset email arriving. I hit it two more times, no email. After clicking it the 4th time a reset email showed up within 3 mins. Tells me either your system is very poor or it was overwhelmed with password resets by other people who saw the Apple alert. 
Hope that helps you understand the basics. You may want to consult a tier 2 person or maybe someone in Engineering that actually codes the product on IOS. Most likely they will understand the problem. 

I'm not sure why your email is sounding combative, but that's ok, as I'm definitely here to help. I still don't understand why you are thinking the email you are receiving from Apple is related to mSecure. As long as I'm not misunderstanding you in some way, I believe I understand what both you and Nick described about the email you received from Apple. I was not trying to say I wasn't aware that Apple sends out these types of emails.

Also, I'm not trying to infer that you shouldn't trust Apple's security team. That would be absurd of me. They have billions of dollars to put towards anything they need to research, so I'm certain their teams are up to the task of keeping most anything safe and reporting when it isn't.

What I'm trying to do is explain to you how mSecure works and at the same time get information I need to try to figure out what's happening. You and Nick are the only customers that have reported anything of this nature. That's 2 customers in 5 months. The problem is, I still don't understand what it is you received. Can you provide me more information about the email that was sent to you? We have not received any email like you are talking about. As mentioned above, other customers have not sent in similar requests. I wasn't able to get more information from Nick, so I don't have any idea what it is you have actually received. I want to understand what you are receiving, because if there is a problem with something in mSecure, we would want to fix it as quickly as possible. If there is a problem, however, we can't fix it until we know what the problem is. 

As I said in my last post, to our knowledge, nothing in our servers has been compromised, and we have systems in place to alert us to these types of problems. Even though we have monitors for this type of thing, I still don't want to dismiss what you have received. Would you like to help me understand more of what you're talking about here? If so, I need to ask what might be a lot of questions about the email you received.

With regards to the password change, I just checked the account that's associated with the email address you're using here in the forum, and there was no sign of the account reset you are describing. When you change your password in the app's settings, you don't get an email sent to you asking you to click on a link to start any type of process. That email is only sent when you are fully resetting your account. When you update your password from mSecure's settings, you will receive an email with an updated QR code for authenticating as the owner of the account, but there is no email sent out that you need to interact with in order to change the password. Are you trying to reset a different account by chance?

Also, I checked the account reset system, and the emails are getting sent as they should be. As I mentioned before, it can take some time before the email arrives, but it shouldn't be longer than about 30 seconds or so. This is another issue we haven't had other customers report, so I can't tell you right now if it's a widespread problem or not. I can tell you that when problems are widespread, many, many customers report the issue.

  1. Your willful blindness to a security issue. See attached screenshot.
  2. Yes, based on the words you used you did. 
  3. I am well versed in how mSecure works given my 20+yrs of IT experience, can read and purchased the product based on how it works. Again, please see attached screenshot or google the term "ios password leak alert"
  4. You keep babbling about servers and systems but never specifically call out WHICH ones e.g. website, authentication or support not to mention the actual servers that arbitrate the syncing of passwords between devices. 
  5. Wow...thanks for validating you are not looking in the right place. As I have stated three times now I have was able to trigger the reset email on the 4th try. Sort of invalidates what you are saying right? Or maybe you are simply not understanding I was resetting Support login? Not sure how I can be more clear.
  6. Which emails? For what service? 

We can drop this whole discussion as it is a completely pointless waste of time trying to convey, via words and screenshots.

Thank you for the screenshot. That's exactly what I was hoping to get from either you or Nick. I have not seen this message before, so it's what I needed to help me move forward in figuring out what is causing the message to be generated in iOS.

I'm still not sure why things have become as combative as they have, but I am here to help and try to figure out what's going on. If something on our end needs to be addressed, it will be addressed. We are always thankful for what our users report to us, because it helps to know when we are unaware of what is happening on their devices. We're not seeing this on our devices, and Apple has not alerted us about this issue, so all we can do is ask for information from our customers. Now that I have one screenshot from you, can start a better investigation of what's going on, as a simple Google search didn't help me find what I needed yesterday.

By the way, I see that you have sent in an email to our support team, and it's made it has way to my inbox. We'll continue the discussion there via email unless you would rather continue posting here in the support forum.

Login or Signup to post a comment