Same here

Fortunately, never used this password for anything else.  Was time for a new password anyway.

Passwords

I'd suggest changing your password at a minimum. Google a search for password best practices and it will help secure your accounts.  However, having separate passwords is sometimes challenging, there are password managers available.  They allow you to use one master password to access your database and when combined with a multifactor authentication method it will provide a strong method of storing your passwords. 

It is not uncommon for individuals to utilize the same password, birthdays, pet names, etc.  All of which are easily guessed with a little investigative work from open source platforms such as social media.

Password and this site

Mark_300,

I'm assuming that if this site was hacked and my password leaked at least my email was leaked too. I just looked on the leading leak-search site https://haveibeenpwned.com/and my MRH unique email address isn't listed there. So either this is a new breach -or- something else is going on on your end. When you say you received a message on your iPhone, what type of message do you mean? SMS? iMessage? A popup inside the Safari browser when logging into MRH? Your device might be breached instead or infected by malware. A scan with a free anti-malware application like AVG or MalwareBytes might be in order.

I mostly use a unique email address for each service I register with through the use of one of my web server and domain names. Those unique email addresses all end up in the same inbox. Combine that with a password creation routine that allows for unique passwords for each site yet easily to remember and my risk when something is breached and leaks is minimal.

With the unique email addresses it's a breeze to figure out who was breached too. So far I've caught 2 companies in the past 3 years who have been breached and refuse to acknowledge my emails to their abuse/support/webmaster/etc email addresses. They are lucky I don't live in California or Europe anymore....

notification

So this shows up under:  Settings / Passwords / Security Recommendations.   

I never go in to this part of the phone but just happened to today as part of a battery replacement.  either way, i made a stronger password. 

If anyone gets asked by me to send money somewhere.. don't do it.   its not me...

Also check the password hacked link

Visit this link and type in your favorite passwords to see if they've been hacked. If they have, time to change them, especially for banking or other personal sites you DO NOT want to be compromised.

https://haveibeenpwned.com/Passwords

If you type in a password and check it, they will list a summary of the break-in's that may have exposed your password.

Also get and use a password vault manager. You provide a very strong password to access the vault then you put all your login passwords into the vault. This allows you to have complex difficult to guess passwords on every site without the need to repeat passwords across sites.

We use Dashlane ... other good ones exist as well. Just search for "Password vault manager" ...

This message means your password was in a data leak list.

It doesn’t mean that MRH or any other site you visited was hacked.  It just means that Apple has a list of passwords that were part of a known data leak or compromised passwords from someplace and you have a password that matches one that leaked.

So for example I’d you used the password Pa$$word for this site, and somewhere on earth someone else did, which is very likely, and this was a password used in a compromised site somewhere else, Apple devices will alert you as a warning to change your password.  But it really has absolutely nothing to do with the MRH site,

Mike