Not sure if this has been pointed out yet so shoot me down if it has

I've just done the username/password/PIN changes, but isn't there a fatal flaw in how this is done? The whole reason we're all changing our details is that the database was breached and presumably usernames/passwords were accessed. Therefore the hackers could potentially access our accounts when services are returned to normal, as they have our login details.
So now, to secure your account you need to log in with your old details and update them; once done there is no confirmation email, you're in your account. Great, but aren't we assuming the hackers stole this information and therefore could log in before us and access our account? To me it seems like a strange way to reset account details.
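The weakness the post describes, modelled as an added example that is not part of the original thread or of the site being discussed: a change-password flow that trusts the leaked password is placed beside a breach-response flow that refuses the old credential, requires a single-use out-of-band token, and invalidates every existing session when the reset completes. The in-memory stores, the `force_reset` lockdown flag and returning the token to the caller instead of e-mailing it are assumptions made to keep the example self-contained.

```python
import hashlib
import hmac
import secrets
import time

# Constructed in-memory stores standing in for the site's database (assumption).
USERS = {}         # username -> credential record
SESSIONS = {}      # session_id -> {"username", "generation"}
RESET_TOKENS = {}  # token -> {"username", "expires", "used"}


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def register(username: str, password: str, email: str) -> None:
    salt = secrets.token_bytes(16)
    USERS[username] = {"pw_hash": _hash(password, salt), "salt": salt,
                       "email": email, "generation": 0, "must_reset": False}


def login(username: str, password: str):
    """Return a session id, or None. Refuses accounts locked pending reset."""
    u = USERS.get(username)
    if not u or u["must_reset"]:
        return None
    if not hmac.compare_digest(_hash(password, u["salt"]), u["pw_hash"]):
        return None
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"username": username, "generation": u["generation"]}
    return sid


def session_valid(sid: str) -> bool:
    # A session is only valid while it belongs to the current credential generation.
    s = SESSIONS.get(sid)
    return bool(s) and s["generation"] == USERS[s["username"]]["generation"]


# Flawed flow, as the post describes it: whoever holds the leaked password
# (the legitimate user or the attacker, whichever logs in first) can set a new one,
# and nothing confirms the change out of band or ends other sessions.
def change_password_flawed(username: str, old_password: str, new_password: str) -> bool:
    if login(username, old_password) is None:
        return False
    u = USERS[username]
    u["pw_hash"] = _hash(new_password, u["salt"])
    return True


# Breach-response flow: the leaked password is no longer trusted at all.
def force_reset(username: str) -> None:
    """Lock the account until a token-verified reset completes (assumed lockdown flag)."""
    USERS[username]["must_reset"] = True


def issue_reset_token(username: str, ttl_seconds: int = 900):
    """Mint a single-use, expiring token; a real site would e-mail it (assumption: returned here)."""
    if username not in USERS:
        return None
    token = secrets.token_urlsafe(32)
    RESET_TOKENS[token] = {"username": username,
                           "expires": time.time() + ttl_seconds, "used": False}
    return token


def complete_reset(token: str, new_password: str) -> bool:
    t = RESET_TOKENS.get(token)
    if not t or t["used"] or time.time() > t["expires"]:
        return False
    t["used"] = True
    u = USERS[t["username"]]
    u["salt"] = secrets.token_bytes(16)
    u["pw_hash"] = _hash(new_password, u["salt"])
    u["generation"] += 1      # every session issued before this point is now invalid
    u["must_reset"] = False
    return True
```

Run stand-alone, the two flows show the difference: with `change_password_flawed`, the first party to present the leaked password wins and any session opened before the change keeps working; with `force_reset` followed by `issue_reset_token` and `complete_reset`, the leaked password cannot log in, a guessed or reused token is rejected, and sessions from before the reset fail `session_valid`.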