Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why am I getting "A data breach on a site or app exposed your password. Chrome recommends changing your password on "SITENAME" now."

I created an app, that stores your password with bcrypt, and the input type of the form is password. I don't understand why I am receiving this alert? Why am I getting "A data breach on a site or app exposed your password. Chrome recommends changing your password on "SITENAME" now."

  axios.post(`/signup`, {
                userBody: values.username,
                passwordBody: values.password
            }).then(response => console.log(response))
                .then(response => history.push('/login'))
                .catch(error => {
                    setErrors({
                        error: error.response.status
                    })
                })
        } else {

            alert('cant be empty fields')
        }
    }



server.js

app.post('/signup', async (req, res) => {

const today = new Date();
const userData = {
    username: req.body.userBody,
    password: req.body.passwordBody,
    created: today
};
User.findOne({
    where: {
        username: req.body.userBody
    }
})
    .then(user => {
        if (!user) {
            bcrypt.hash(req.body.passwordBody, 10, (err, hash) => {
                userData.password = hash
                User.create(userData)
                    .then(user => {
                        res.json({ status: user.username + " registered" })
                    })
                    .catch(err => {
                        res.send('error' + err)
                    })

            })
        }
        else {
            res.status(500).json({ message: 'message' })
            console.log('User exists')
        }

    })
    .catch(err => {
        res.send('error' + err)
    })

})

like image 924
saladWithRanch Avatar asked Feb 29 '20 23:02

saladWithRanch


People also ask

Why does Chrome keep saying my passwords are breached?

If you see a message saying “you haven't saved any passwords in your Google Account yet,” the save password feature is NOT enabled, and the data breach message you received is likely a scam that should be ignored.

Why is Google telling me there is a data breach?

The page will tell you if the saved passwords in your Google Account were compromised in a breach. Originally, the technology was a part of Chrome's Password Checkup technology, but now you can use it by entering your Google account's settings.

Why is Google telling me my passwords are compromised?

To help you secure your accounts, Google can help notify you if we find any of your saved passwords have been compromised. If you're notified about an unsafe password: Go directly to Password Checkup to make sure the notification is authentic and change any unsafe passwords.

How do I fix my Chrome password that is compromised?

In Chrome, tap the three vertical buttons on the far right of the address bar and select Settings. Go to Passwords > Check passwords. Chrome will scan all your saved passwords and show you a list of those that have been compromised.


1 Answers

The code appears okay. If you are using Google Chrome it has a feature that warns if the password you are using has been previously compromised. So, if you are testing with a common password this may occur. If this is production than you should update your password as the warning indicates.

Link to Consumer Affairs Article: New version of Chrome warns users if their password was exposed in a data breach

like image 128
devspeter Avatar answered Nov 15 '22 15:11

devspeter