[Rogean]

Recently a group of people gained access to an Administrator's account on the EQEmu forums, and edited the site templates to include a javascript entry which submitted all logins to a remote web server. As soon as we found out about this we locked the forums and removed the script.

Unfortunately, the hackers have the username and password of Every user who has logged in to the forums in the last 2 months. Yes, the passwords are encrypted in our database, but the javascript was executed as the passwords were typed into the login field, and before they were encrypted on the server. This means they get a cleartext version of the password, non-encrypted.

As as result, we have reset everyone's password on the boards and sent the new one to the email address on the account. I suggest that everyone get their new password and then change it to something you haven't used before. If your password was the same for your login accounts, I would change those too (Hell, change them anyways even if they weren't the same).

I apologize for the inconvenience this has and will cause, unfortunately we live in a world full of assholes that like to do this kind of shit.