Quote: Originally Posted by George1994
Wait, are they getting the passwords of users and taking over their accounts? Could they not just be poor passwords that have been brute forced or figured out from patterns of passwords or even commandeered email accounts? If that is the case, it may not be the site's issue.
We don't know yet. The problem MAY be poor passwords that have been "brute forced" and that is the reason for this warning. If you have a weak password, it needs to be changed.

Yes, our password database is encrypted. I can't tell anyone what their password is. I can only change them if one gets forgotten. I really don't think the security breach is THAT big that they've gotten into all the actual account keys. But they've gotten into SOME, and until we know why and how, it behooves everyone to make sure they have something not easily forced.

If you already have one that you feel is sufficiently strong, it should be fine. If they can see past the encryption and look at everything anyhow, then changing it wouldn't make much difference anyhow.