Monzo community data breach? (Confirmed: No Evidence)

Not quite sure where exactly to post this, but:

I only use that password here. It’s iCloud generated. It’s not replicated anywhere else. So for it to show up in a data leak could have only come from this community being compromised. Unless by chance someone is using the exact same password as me somewhere else on the internet.

I’ve updated both my email (to an iCloud generated hide my email from an old disposable gmail) and my password out of caution.


Does Apple use Have I Been Pwned to check for passwords in data leaks, or some other service?
Have I Been Pwned isn’t flagging any issue with my Monzo community password: Have I Been Pwned: Pwned Passwords

I had totally forgotten that site to check.

My email is up to 12 breaches now. :melting_face:


What’s flagging that? And do you trust whatever it is?

I don’t believe so. Nothing on have I been pwned but it’s not the best nor most reliable source for data leaks. My email hasn’t appeared in the data leak, just the password, apparently.

Apple (iCloud+) are flagging it. Of course I trust them.

A bit worrying! How unique is the password?

I wonder if there is any investigation of the forum backend that @alandoe can do?


Randomly generated by keychain, so pretty unique I’d have thought!


Currently I don’t have Monzo on my list of compromised passwords (I actually have never looked at this and I have 56!)

Edit: I tell a lie, I read something wrong. It’s far more when including reusing passwords!

Well, guess I know how I’m spending my weekend…


I saw this last year and immediately stopped using randomly generated passwords by Chrome because, put simply, they are super easy to crack.

I now use three random words separated with some additional special characters and numbers included. I’m surprised by some of the websites that don’t allow more than 12 characters.


What kind of passwords does Chrome suggest?

As an example, Apple suggest passwords like:


(This isn’t a password I use, just randomly generated one)


I was on a website recently that wouldn’t allow a special character in a password :man_facepalming:

I felt shamed when I had similar results, so I moved to Bitwarden and am gradually changing mine.

Far too many years of using the same insecure password in lots of places.


I have moved away from using the same password for everything but still have ways to go.

I’m actually going to use this to check what websites I have accounts with that I never use and actually can delete, or use an old email address for.

I’ll still use Apple though; it’s easier and all stored in one place across my devices.


That’s what I did a while back. It was astonishing how many niche forums there were, or random small online shops (this was back when genuine small shops had their own websites rather than the random drop shipped crap from fake ‘shop’ places that exist now), and especially sites I’d basically used once and once only.

You might find the job quicker than you expected; if some of your logins are as old as mine were, there were a lot of sites and places that, when GDPR came along, purged account details and passwords if they weren’t being actively used.


Basically that sort of password. But random combinations are now thought not to be as secure as all that.

It’s totally shameful in the light of all the current cyber threats that companies haven’t stepped up their password game. MFA is a must if you can’t allow complex passwords.


Not sure where Apple get their data from, but I just checked haveibeenpwned for my Monzo Community password and it does not appear in any leaks.

Do Apple claim/promise that any password they give you is unique?

I don’t think I’ve seen that before but they are fairly random it seems, and it would be mighty odd for them not to be unique.


“iPhone can help you resecure your account.” Really?

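An added example, not part of any post in this thread: a Pwned Passwords lookup of the kind several posters ran, done through the service's range endpoint so that only the first five characters of the password's SHA-1 hash leave the machine. The sample passwords, `fake_fetch` and its response are constructed for an offline run; nothing here says which source Apple uses.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # public Pwned Passwords range endpoint


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def fetch_range(prefix: str) -> str:
    """Live lookup: the request carries only the 5-character hash prefix."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"Add-Padding": "true", "User-Agent": "pwned-check-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password: str, fetch=fetch_range) -> int:
    """Return how many times the password appears in the corpus (0 = not found)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:  # comparison happens locally
            return int(count)            # padded filler entries carry a count of 0
    return 0


# --- constructed offline demo (no network access) ---
SEEN_PREFIXES = []                       # records what the "server" was sent
LEAKED = "correct-horse-example"         # constructed sample, treated as leaked


def fake_fetch(prefix: str) -> str:
    SEEN_PREFIXES.append(prefix)
    leaked = sha1_hex(LEAKED)
    lines = ["0" * 35 + ":0"]            # padding entry, never a real hit
    if leaked.startswith(prefix):
        lines.append(leaked[5:].lower() + ":7")
    lines.append("F" * 35 + ":3")        # unrelated suffix sharing the prefix
    return "\r\n".join(lines)


def demo():
    return (pwned_count(LEAKED, fake_fetch),
            pwned_count("xK9-constructed-unique-value", fake_fetch))
```

A result of 0 only means the password is not in that particular corpus, so two checkers drawing on different breach data can disagree about the same password.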