diff --git a/ReallifeGamemode.DataService/Controllers/AuthController.cs b/ReallifeGamemode.DataService/Controllers/AuthController.cs
index ddd17f24..bcc403ab 100644
--- a/ReallifeGamemode.DataService/Controllers/AuthController.cs
+++ b/ReallifeGamemode.DataService/Controllers/AuthController.cs
@@ -30,7 +30,7 @@ namespace ReallifeGamemode.DataService.Controllers
     public ActionResult<LoginResponse> Login(LoginRequest request)
     {
       string hashedPassword = ComputeSha256Hash(request.Password);
-      User user = dbContext.Users.Where(u => u.Name == request.Username).FirstOrDefault();
+      User user = dbContext.Users.Where(u => u.Name == request.Username && u.Password == hashedPassword).FirstOrDefault();
 
       string token = tokenGenerator.GenerateUserToken(user);