The Exposed Password report says my epayment.epymtservice.com password needs to be changed, but I can’t log directly into that site. It’s a service of US Bank, but I can’t find anything on their site that would help.
@BobR Welcome to the forum!
If you’ve ever had any dealings with the Minnesota Department of Labor and Industry, you could try the “forgot password” link here:
https://epayment.epymtservice.com/main/publiclogin/showLogin
If not, then assuming that you located the relevant vault item, you could check the item creation date, and then scour your emails (and/or credit card statements) corresponding to that timeframe to see what online transactions you may have made on that date.
1 Like
Unfortunately, I get this at that link:
The system has detected that your session has been idle for a long period of time. For security reasons, the system has logged you off.
Please return to your original payment site and login again.
Thank You
If you’re unable to find a relevant transaction in your email records or card statements (close to the item creation date and/or item modification date shown in Bitwarden), then it may be safest to replace the card(s) that you are most likely to have used for online payments — in case the card information is saved in your epymtservice.com account and could be used for purchases by someone who access the account using the compromised password.
Thanks. I suspect that the service is only used by U.S. Bank to process auto payments every month to pay off my U.S. Bank credit card balance. Hopefully, there are additional security checks involved in the payment beyond my username and password. I’ll give them a call and see what they say.
1 Like
I just spent about an hour on the phone with various departments at U.S. Bank. That epymnt service is used by lots of financial institutions to transfer money. I do have a bunch of autopayments being made by my U.S. Bank credit card to places like Netflix and Hulu.
Somewhere along the line BW (LastPass, actually) asked me if I wanted to save a password and I said yes, so it created the entry. The actual stored password is a 4-digit number, which I would never have used as a password.
I talked with some pretty knowledgeable people as U.S. Bank and none of them had any idea how this could have happened, but they all assured me that my user name and 4-digit number could not be used by anyone to gain access to anything. Thanks again for the ideas.
1 Like