Apparently, there was a break in on another Curse community site that allowed attackers to gain access to the Curse Authentication system. This then allowed them to steal databases from Arenajunkies.com, Aionsource.com, diablofans.com, enterbf3.com, modernwarfare3forum.com, ffxivcore.com, and zybez.net.
How This Will Affect You
First of all, please note that passwords for all of your accounts are salted and hashed. This basically means that the attackers are unlikely to straight out steal your account since they have to break the encryption on the password to do so. I am still going to recommend that everybody change their password though, which you MUST DO ON CURSE.COM AND NOT HERE. Also, change your email password if it's the same as the password here.
Additionally, please make sure that your game login and password are not the same as the login and password for this site. This is the second time since we've been running that our database data has been compromised and it is actually very common for hackers to target fan sites like us. It's useful to have a different password for every site that you visit and to either use software like 1Password or just to have a special way that you create your passwords for different sites that you can remember. Please also never use terms in the dictionary for passwords.
The biggest affect on on users is going to be that your email addresses were stolen. This can be used immediately by the hackers in order to send you spam mail that suggests you need to enter your game account information onto their non-game site. This will allow hackers to gain access to your Aion or other game accounts.
NEVER, EVER, EVER CLICK A LINK IN AN EMAIL MESSAGE ABOUT A GAME ACCOUNT.
Oopsie, sorry about the caps.
If you always go to the site by typing it yourself, you are unlikely to ever be scammed through an email scam. It's a simple rule, but it's worked well for me.
So, in short for the tldr; crowd - change your password and ignore the spam mail you're about to get.
This post has been edited by Nobody: 08 March 2012 - 07:43 AM
Reason for edit: change email password if same