When you do these kinds of posts please include sources other than "xyz said". Even if you are correct with what you said not having any sources for the claim will make it look like you don't know anything about what you are talking about.

For example I did a quick research on this and from what I can tell is that factorio's website was not compromised. Google would not know even if it was. The message chrome displays warning about databreaches does not know who or where the breach was. All it does is peek at your username and password when you type it in any website. Then it hashes them and send the hash to a server that has a database of leaked usernames and passwords. If there is a match then it warns you. But it does not tell you who leaked your password. Only that it was leaked somewhere.

So please if you have any evidence that the factorio website was breached do provide it as soon as possible.

Edit: just to clarify if you used that password with that username or a similar username on another site that was compromised you would get that message on all the sites even if those sites were not compromised.

a warning message from google? i kind of doubt whoever sent you that was from google.

yeah that sounds like a scam mail

Originally posted by impetus_maximus:

a warning message from google? i kind of doubt whoever sent you that was from google.

Recent versions of google chrome have a feature that gives you a popup when the username and password you typed in or have saved in it's password manager appears in their leaked logins database. My guess is that he is talking about this popup. https://support.google.com/chrome/thread/23534509/i-am-getting-a-popup-message-saying-that-a-data-breach-on-a-site-or-app-exposed-your-password?hl=en

thanks PunCrathod. google keeping us safe by keeping our passwords in yet another database. xD

Originally posted by impetus_maximus:

thanks PunCrathod. google keeping us safe by keeping our passwords in yet another database. xD

That particular user/password combination is compromised at that point anyway. Reason Google knows it; is that it was found in public partial data dumps on the dark web.

And they probably still don't store it plain text; but hash it before storage.

In fact; for security purposes, when verifying whether a username/password combination is compromised they more than likely have the browser first hash them locally and only verify the resulting hash against the stored hash on their end, letting no usable information regarding the username/password combination that the user entered, leak to anywhere. The user's direct intended recipient would remain the sole receiver of those in their original non-hashed form.

I'm amused the trolls in here don't give a #### about account security.
Directly from Google Password Manager
[img]https://i.postimg.cc/BQjhp6Pp/Google-Password-Manager.jpg[/img]

Originally posted by RLS0812:

I'm amused the trolls in here don't give a #### about account security.
Directly from Google Password Manager
[img]https://i.postimg.cc/BQjhp6Pp/Google-Password-Manager.jpg[/img]

Exactly what I was guessing. That message does not mean factorio.com was breached. It means that the username and password you used in factorio.com appeared in a leaked passwords list. Those are two different things. Of course it is possible that factorio.com was breached but if everyone changed their passwords every time someone gets that message we would not have time to do anything else. Thousands of people get that message for facebook every day yet I don't see people advocating you change your facebook password every 10 seconds.
Until someone confirms that it was in fact factorio.com that was breached then you should not worry about someone else getting that message.

There was a really ugly vulnerability revealed 2 days ago, that may have hit their website if they were not fast enough. It was already "actively being exploited in the wild" as the phrase goes.
Warframe's forum-provider was down for emergency update to mitigate it friday.

Originally posted by Tydo:

There was a really ugly vulnerability revealed 2 days ago, that may have hit their website if they were not fast enough. It was already "actively being exploited in the wild" as the phrase goes.
Warframe's forum-provider was down for emergency update to mitigate it friday.

And if that is the case then we will start to see lots of people reporting that their factorio.com account was compromised. Until that happens tough statistics say op used the same username and password somewhere else that was compromised or op has/had spyware and the only username and password he typed and has saved in chrome when that spyware was active was his factorio.com account.

Originally posted by RLS0812:

I'm amused the trolls in here don't give a #### about account security.
Directly from Google Password Manager
[img]https://i.postimg.cc/BQjhp6Pp/Google-Password-Manager.jpg[/img]

I'm amazed that OP here can't read what the screenshot actually says.

Originally posted by Tydo:

There was a really ugly vulnerability revealed 2 days ago, that may have hit their website if they were not fast enough. It was already "actively being exploited in the wild" as the phrase goes.
Warframe's forum-provider was down for emergency update to mitigate it friday.

Yeah, that was some java-logging software vulnerability. However, it's quite unlikely that account information would have been stolen and leaked online and discovered by google fast enough for that to have come from a hack using that.

Looking at the OP's pic, it's much more likely that the account was compromised elsewhere. They use their Gmail account as the login name for Factorio. Most likely that exact same email/username and password combination had been used on another site, and THAT had been compromised in a leak. Since the username/password combo google detects you are using for Factorio has been found out in the wild, it just informs you that the combo has been compromised.

However, (probably bad advice) I think you will be ok. See, that combo has been compromised elsewhere, but as far as a rando hacker knows they think its for your gmail account itself, or whatever site it was compromised from originally. They have no idea you use this gmail login for Factorio, and are unlikely to try the username/password combo on an indie gaming company's site to access.... nothing valuable. More likely they will dump the username/password combo into their giant list, and run that against gmail, banking sites, crypto sites, social media sites, stores, etc to try to find another site using that combo that they can get in as.

Originally posted by RLS0812:

I'm amused the trolls in here don't give a #### about account security.
Directly from Google Password Manager
[img]https://i.postimg.cc/BQjhp6Pp/Google-Password-Manager.jpg[/img]

LOL

Originally posted by RLS0812:

I'm amused the trolls in here don't give a #### about account security.
Directly from Google Password Manager
[img]https://i.postimg.cc/BQjhp6Pp/Google-Password-Manager.jpg[/img]

Most of the people that play Factorio have a greater knowledge of computer science than most other gamers. They aren't disregarding it, they just know more about it than the average gamer that falls for memes and scams does. I recall a poll I once saw regarding Factorio showed that people that had education in engineering were over represented in the Factorio player base.

i was just talking about this in the mods and scenarios sub forum, when suggesting modders upload their mods to nexusmods, i not going to sign in to the factorio site with my steam login info (easiest way to lose your steam account by giving third party sites your steam login info, havent given my account login info ever and aint starting now...) and i dont want to make an account there, i already have an account at nexusmods, so i would much prefer mods be uploaded there so i can use them.