I received notification on my iPhone that my MSecure passwords have appeared in a data leak, putting those accounts at high risk etc.
Is this for real or a scam?
Thank you for contacting us. I'm not sure what you are referring to here, and if I'm understanding you correctly, we are not the ones sending the email you are referring to. Can you give me more information about what you see in that email? If it doesn't have any of your personal information in it, can you post the content of the email here?
Hey Mike, you really do not know what he is talking about? Google 'ios password notification'.
I too saw this alert today and have been working through all my passwords. When was mSecure hacked and why were we not alerted?
Took 4 tries for a password reset email to actually arrive.
What is going on with the service?
I don't know anything about what either you are Nick are referring to here. To our knowledge, there has been no attempts and certainly no successful attempts at hacking into any of our systems. Also, the notification @Nick was referring to is not something we send out to our customers. It could very well be that a password he was using for one of his online accounts did appear in a data leak, but that doesn't mean any of our servers have been compromised. The passwords stored in mSecure are simply copies of the data you use to sign in to various online accounts. If an online account is hacked, that does not indicate any type of problem in mSecure. It simply means that some online account system on which he has/had an account experienced a data leak. I would have liked to have acquired more information, but I was not able to.
It is highly unlikely that you are experiencing 5 months later is related to what Nick experienced, so we need to address whatever it is you are seeing as it's on own, isolated problem. What is the message you saw? When you say "Google 'ios password notification'", what does that mean? What exactly did the message tell you?
Also, what do you mean when you say it took 4 tries for a password reset email to actually arrive? How did you go about changing your password? If you did that from the Settings of mSecure on one of your devices, the email that is sent after you change the password may not arrive for awhile, and you don't need to change the password more than one time. Did you change your password from mSecure's Settings, or did you perform an account reset from our website?
Ok....let me see if I can explain all of this to you
I'm not sure why your email is sounding combative, but that's ok, as I'm definitely here to help. I still don't understand why you are thinking the email you are receiving from Apple is related to mSecure. As long as I'm not misunderstanding you in some way, I believe I understand what both you and Nick described about the email you received from Apple. I was not trying to say I wasn't aware that Apple sends out these types of emails.
Also, I'm not trying to infer that you shouldn't trust Apple's security team. That would be absurd of me. They have billions of dollars to put towards anything they need to research, so I'm certain their teams are up to the task of keeping most anything safe and reporting when it isn't.
What I'm trying to do is explain to you how mSecure works and at the same time get information I need to try to figure out what's happening. You and Nick are the only customers that have reported anything of this nature. That's 2 customers in 5 months. The problem is, I still don't understand what it is you received. Can you provide me more information about the email that was sent to you? We have not received any email like you are talking about. As mentioned above, other customers have not sent in similar requests. I wasn't able to get more information from Nick, so I don't have any idea what it is you have actually received. I want to understand what you are receiving, because if there is a problem with something in mSecure, we would want to fix it as quickly as possible. If there is a problem, however, we can't fix it until we know what the problem is.
As I said in my last post, to our knowledge, nothing in our servers has been compromised, and we have systems in place to alert us to these types of problems. Even though we have monitors for this type of thing, I still don't want to dismiss what you have received. Would you like to help me understand more of what you're talking about here? If so, I need to ask what might be a lot of questions about the email you received.
With regards to the password change, I just checked the account that's associated with the email address you're using here in the forum, and there was no sign of the account reset you are describing. When you change your password in the app's settings, you don't get an email sent to you asking you to click on a link to start any type of process. That email is only sent when you are fully resetting your account. When you update your password from mSecure's settings, you will receive an email with an updated QR code for authenticating as the owner of the account, but there is no email sent out that you need to interact with in order to change the password. Are you trying to reset a different account by chance?
Also, I checked the account reset system, and the emails are getting sent as they should be. As I mentioned before, it can take some time before the email arrives, but it shouldn't be longer than about 30 seconds or so. This is another issue we haven't had other customers report, so I can't tell you right now if it's a widespread problem or not. I can tell you that when problems are widespread, many, many customers report the issue.
Thank you for the screenshot. That's exactly what I was hoping to get from either you or Nick. I have not seen this message before, so it's what I needed to help me move forward in figuring out what is causing the message to be generated in iOS.
I'm still not sure why things have become as combative as they have, but I am here to help and try to figure out what's going on. If something on our end needs to be addressed, it will be addressed. We are always thankful for what our users report to us, because it helps to know when we are unaware of what is happening on their devices. We're not seeing this on our devices, and Apple has not alerted us about this issue, so all we can do is ask for information from our customers. Now that I have one screenshot from you, can start a better investigation of what's going on, as a simple Google search didn't help me find what I needed yesterday.
By the way, I see that you have sent in an email to our support team, and it's made it has way to my inbox. We'll continue the discussion there via email unless you would rather continue posting here in the support forum.