Security breach

[Stormy]

I received a notification on my phone about a security breach on this site in regards to my password.  What is going on?   Was there a security breach? 

[RadioRob]

No. What is happening is that you most likely allow your browser to remember your password to the site so you don’t have to type it in each time you visit. 

The password that you are using here in this site is known by the browser to have been used in other data breaches. 

Many people use the same password on multiple sites. So it’s easier to try to compromise an account by trying known usernames/passwords from other sites that have been hacked.

There is no way to expose passwords on this site. I have no way in the database of ever knowing your password. It’s encrypted with SHA256 and salted with another unique account identifier. The only way we validate logins to to compare the output of whatever password is entered to the hash in the database. So we don’t know what the password itself is only that it matches what was entered previously. 

So what does this mean at the end of the day?  The site/server here is NOT hacked. Your browser is telling you that the password you use to login here is known to have been in a data breach elsewhere so it’s a risk. As a general precaution, you should consider changing your password here (and anywhere else you use the same password) to something new and unique. 

If you need help changing your password just let me know and I’ll post a step by step guide.