.....

Quote:

Originally posted by MySpoof

I got a notification that my account and password were found on a list of compromised accounts was your server hacked?

This isn't my original account, I deleted my other account because thats the one that showed up on a compromised list,

Our server haven't been hacked as far as we know. We regulary do security audits and make sure all software we use is up to date. Only thing that could leak is your username and email address as that is the only thing we store.

Passwords are stored in our database using a base64 salt with bcrypt hashing. This will generate strong one-way hash after multiple round of hashing. Even we cannot reverse the password back to the original plain password.

To be honest this could be a couple of things:
- Your password was compromised by a unsecure connection (we use a https/ssl connection with SHA-256 with RSA Encryption). Most likely a compromised VPN/Proxy or WIFI.
- Your computer got compromised with spy-ware/trojan/worm/malware/keyloggers ect.

I would love to see the list of compromised passwords, so I can cross reference this with out database.

it happens when you use the same password for more than one website and store them in chrome/google or apple accounts as examples where ever your password is stored knows one of the sites has been compromised. basicly you should have seprate password for each website..

Quote:

Originally posted by Sumo999

it happens when you use the same password for more than one website and store them in chrome/google or apple accounts as examples where ever your password is stored knows one of the sites has been compromised. basicly you should have seprate password for each website..

An easier fix is don't store your passwords on chrome/google, or any other cloud. Write them down and keep them in a safe place, but that's probably too much work for all the people who think it has to be instantly.