Edit: announcements from Dev:

I will be performing a rollback of roughly 1 day but will be taking Elethor down for a short while to determine what is going on and how the problems have come up.

I'll keep everyone updated!

All passwords are salted and hashed on my servers and it doesn't appear that any servers have been compromised. They are all highly secured with several layers of 2FA and nothing has been triggered.

There are no plain text passwords stored anywhere.

However to be safe, if you reuse passwords anywhere, I would highly recommend changing them.

This post was edited by AcheronGloom on Aug 9 2021 09:10am

pro tip: change your password but use something new and random, on the off chance they can still scrape/get the new password, I suggest using a password store such as LastPass or similar.

Another protip: don't use the same password on multiple different websites.

I've used a unique password for elethor (20 random letters/symbols etc) so this is way more likely to be a sessionID Hijack than a password issue

(I lost over 2b gold)

This post was edited by Shadirra on Aug 9 2021 05:54am

My protip is more about the possibility of actual passwords being stolen from the DB (like OP mentioned). If that happens and you use the same password everywhere, all your accounts everywhere will be at risk.

totally agree , just don't think that this hack was people with qwertyuiop passwords

so youre telling me, that i shouldnt be using PassWordJSP or PassWordEle or PassWordQues ?

nah you have some letters capitalized.. pretty stong passwords