My password has been pwned. What does this mean?
At Nodecraft, we take your security and privacy very seriously.
If you have received this notice on your account, we have discovered that your password has been previously used on another website that has had a data breach, more commonly known as being "pwned". Third-party data breaches are common, and lists of emails/usernames/passwords are regularly published online. Hackers can then use these lists to perform what's known as a "credential stuffing" attack, where they throw lots of usernames/passwords at websites, and try to access accounts using the leaked credentials, even if these accounts are on unrelated sites.
The pwned passwords are not Nodecraft related, and Nodecraft has never been subject to a data-breach or leak, but we know that many customers reuse their passwords on several websites and as such have notified you so you can take the necessary actions to protect yourself.
How does this work?
Nodecraft securely checks if your password has been pwned using respected industry standards. We never store or send your password in plaintext to any third-party service. For more technical information about how we securely detect and verify your password has been pwned, please review the article here.
What should I do?
First of all, don't panic. We're all human and have reused passwords. We recommend that you review our article detailing how to keep your account safe and secure, and then with that information now available, advise that you immediately do the following:
Start utilizing a Password Manager for all of your account passwords, if you're not already doing so
Change your Nodecraft.com password to a randomly generated one, stored securely in your password manager
Change the password of any other account where you used the same password
Enable 2FA on your Nodecraft account to secure it even further
Consider subscribing to Have I Been Pwned alerts, for in case your email address is ever found in a public data breach
If you have any questions, please don't hesitate to contact us. Our team is available to help.