If you are a security conscious user, you may have installed one of the new extensions in your browser to help you identify bad passwords or passwords that have been compromised in past breaches (e.g: Google Password Checkup or Okta PassProtect).
If you have one of those you might be seeing a big red warning when you are logging into your Personal Capital account
While that is a legitimate warning, this does not mean that your Personal Capital account was compromised. It means that your password was probably compromised on another site where you used the same password. Remember, even if someone has your password, Personal Capital utilizes Multi-Factor Authentication to prevent unauthorized access to your account.
What do I do now?
It is difficult to directly identify which other website might have gotten your password compromised, if you look at recent news. One resource we can recommend is a site called “Have I been Pwned?” (hacker slang for “compromised”). You can safely enter your email in the search bar (but not your password!), and the site will list out all potential breaches where your email was found. Any of those may be reason why you’re seeing the warning.
We also recommend you review our Chief Information Security Officer’s blog on how to Protect Yourself from Data Breaches for more security advice.