Got this notification in the middle of the night. Yikes. Needless to say I was wide awake instantly. Saved by 2FA. Changed that password obviously. 
#infosec
Discussion
May I ask how long your old password was, and had you used the password elsewhere?
It was a *variation* on a password I know is pwned, so it was lazy of me to keep it in place. Every other password for anything that matters is a strong unique password generated via Bitwarden, and I use 2FA literally everywhere that offers it. This was a reminder to keep on top of things for sure.
Let's just say it was an opportunity to do a quick security audit, sign out unused devices, change my password and device passcodes, and enable Apple's E2E offering which I'd been meaning to do anyway..