Time to change passwords again. Reading threads like this makes me paranoid.
How exactly are the scammers hijacking accounts? It's not like the passwords are posted publicly. And convincing people via pm to share their passwords happens only to the hopelessly naive and braindead. I always thought passwords were stored in encrypted form in a secure repository of the server. Or is there some kind of backdoor access to accounts?
Sometimes people fall for the phish links sent via pm or on the forum. Always best to double check the link before entering any information in. I have been reading about hashes being leaked last year, but I thought people were forced to reset their passwords.