I just got the email from them admitting the data breach.
"We want to inform you of an issue involving your Producteev username (i.e. your email address) and password. We learned on August 24 that your Producteev username and password had been held in a file outside our normal encryption procedures, and we believe that this file was potentially accessed by an unauthorized third party. We cannot confirm that your username or password was compromised, but we are notifying you so that you may take protective action."
So, they were holding usernames and passwords in plain text somewhere! What a terrible, clueless company. How on earth are passwords stored "outside our normal encryption procedures"
It sounds like they didn't get hacked. They just published all the passwords in a public place and aren't sure if anyone visited the URL.....
I could someone help me verify if this Data Breach is actually true?
When I visit the login page it says:
"Please Note
For your security, on Friday, 23 September 2016, all passwords were cleared. You must set a new password before you can log in (if you have not done so already). To do so, click the Forgot Password link below and follow the prompts."
So, they were holding usernames and passwords in plain text somewhere! What a terrible, clueless company. How on earth are passwords stored "outside our normal encryption procedures" It sounds like they didn't get hacked. They just published all the passwords in a public place and aren't sure if anyone visited the URL.....