Recently, both Topstep and MyFundedFutures issued alerts prompting users to change their passwords. Although neither firm confirmed a confirmed breach, the alerts suggest potential data exposure involving user emails, login credentials, or other sensitive information.

Real‑Life Alert from Twitter

Trader @thebrianstonk (Brian Stonk) shared this on X (Twitter):

This firsthand account highlights a user receiving a password reset email without requesting it; raising legitimate concerns about the handling of personal data

Reddit Chatter: Community Reaction

On r/TopStepX, users debated the cause. One commented:

“They sent a message … asking everyone to change their password because of ‘maintenance’, I knew something did not seem right… I smell a lawsuit.” 

Another weighed in realistically:

“Web app dev here… It’s sometimes easier to just let the passwords all be invalidated… than to migrate them to a new authentication system.” 

This split reveals traders’ uncertainty—some suspect an actual hack, others think it could simply be a security precaution.


Key Risks for Affected Traders

  1. Credential Exposure
    Even a non-malicious reset can highlight system vulnerabilities. If emails or hashed passwords were compromised, attackers could attempt credential reuse across platforms.

  2. Account Takeover
    Intrusion via compromised login info could lead to unauthorized trades, fund withdrawal requests, or suspicious activity—particularly dangerous in leveraged prop accounts.

  3. Privacy Erosion
    Clients trust prop firms to safeguard personal data. A breach—even if limited—can damage reputation and trader confidence.

  4. Phishing Avalanche
    Widespread alerts from multiple firms heighten risk of phishing. Users might receive malicious emails masquerading as legitimate resets.


What Traders Should Do Now

  • Change passwords immediately on any platform where the same credentials were used.

  • Enable 2‑Factor Authentication (2FA) wherever possible.

  • Monitor account statements diligently for anomalies or unauthorized trades.

  • Beware of phishing: always verify email origins before clicking links.

  • Reach out to support for confirmation and guidance should suspicious account activity arise.

While no formal confirmation of a data breach has emerged, the rapid password reset request and community chatter suggest something is amiss. Traders on Topstep or MyFundedFutures must act proactively to protect their credentials and remain cautious in the wake of these alerts.