Not sure if this has been pointed out yet, so shoot me down if it has.

I've just done the username/password/pin changes but isn't there a fatal flaw in how this is done? The whole reason we're all changing our details is due to the database being breached and presumably usernames/passwords were accessed. Therefore the hackers could potentially access our accounts when services are returned to normal as they have our login details.
So now, to secure your account you need to log in with your old details and update them. Once done, there is no confirmation email; you're in your account. Great, but aren't we assuming the hackers stole this information and therefore could log in before us and access our account? To me it seems like a strange way to reset account details.
Well, the hackers have usernames and hashed passwords. So for people that had a very very weak password and who didn't log in shortly after 9am Brazil time, then yes, there is a chance the hackers got in first.
If you have a decent password and logged in around 9am Brazil time then there's very little chance your account would be breached.