Board: Pools
Re: BTC Guild - 0% Fees, Long polling, SSL, JSON API, and more [~1500 gH/sec]
by eleuthria on 15/06/2011, 13:41:17 UTC
URGENT NOTICE

When I tried logging in to btcguild.com this morning, I realised I couldn't. I then tried logging in to mtgox.com as well, with no success. I then tried logging in to my gmail account, which is tied to both mtgox and btcguild, and realised the password had been changed. I recovered my gmail password and then reset my btcguild.com password. When I logged in to btcguild, I found that my email address had been changed (to my prior email address with a "1" appended at the end, e.g. originally xyz@gmail.com became xyz1@gmail.com), and that my payout address had been changed as well. Luckily, I had payout lockout enabled, so the hacker could not retrieve the funds yet. As of this moment, I'm still unable to recover my mtgox account password. I've sent in a help request through the support forum to freeze all my assets asap and I'm now waiting for their reply.

I urge everyone to change their mtgox and/or btcguild passwords asap; there may be some security vulnerabilities in either of these sites or in my computer. I'm not sure whether I've been hacked or what, but everyone please be careful.

I can tell you with full certainty that if anything was hacked, it was either your email or your computer itself. Even if a security flaw were in BTC Guild's database, the hash retrieved for your password is strongly salted. The salt cannot be retrieved without the person having shell access to the server, at which point they would certainly be going straight for the server's wallet, not users. Even if the salted passwords were pulled from the database, they would be useless in trying to access another site like MtGox.

I'm adding a "Revert to Prior Email" option right now so you can force the server to restore your original email address. I highly recommend you change your EMAIL PASSWORD if you haven't already. Given the attacker hit multiple sites, that is the common weakness.
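The property eleuthria describes above (a dumped password table is useless without a secret that lives only on the server, and a hash from one site says nothing about another) can be shown in a few lines. The following is an added example, not BTC Guild's code; how BTC Guild actually hashes passwords is not stated in the thread. The example assumes one common construction: a random per-user salt stored with the hash, plus a server-held secret (a "pepper", kept in config rather than the database) mixed in via HMAC before PBKDF2. The `SERVER_PEPPER` value, the iteration count, the user records and the wordlist are all constructed for the demo.

```python
"""Added example: per-user salt plus a server-side pepper for password hashes.

Not BTC Guild's code.  It models the property described in the post: a
database dump alone (salt + hash) is not enough to test password guesses,
because a secret held only on the server is mixed in before hashing.
"""
import hashlib
import hmac
import os
from typing import List, Optional

# Constructed secret.  On a real server this would be read from a config file
# or environment variable that only the application user can read; it is never
# written to the database, so a SQL-level compromise does not expose it.
SERVER_PEPPER = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")

PBKDF2_ITERATIONS = 100_000  # assumption; tune to the server's hardware


def hash_password(password: str, pepper: bytes,
                  salt: Optional[bytes] = None) -> dict:
    """Return a DB record: per-user random salt plus PBKDF2 of HMAC(pepper, pw)."""
    if salt is None:
        salt = os.urandom(16)
    # Bind the password to the server secret first, so the stored hash is
    # useless to anyone who holds the DB row but not the pepper.
    keyed = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    digest = hashlib.pbkdf2_hmac("sha256", keyed, salt, PBKDF2_ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex(),
            "iterations": PBKDF2_ITERATIONS}


def verify_password(password: str, record: dict, pepper: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    keyed = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    digest = hashlib.pbkdf2_hmac("sha256", keyed,
                                 bytes.fromhex(record["salt"]),
                                 record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])


def offline_guess(record: dict, wordlist: List[str],
                  pepper_guess: bytes) -> Optional[str]:
    """What an attacker holding a dumped row can do: try candidates using
    whatever pepper they have (or guess).  Returns the recovered password,
    or None if no candidate matches."""
    for candidate in wordlist:
        if verify_password(candidate, record, pepper_guess):
            return candidate
    return None


def demo() -> dict:
    """Constructed scenario: two users with the same weak password on this
    site, and the same password registered at a second site."""
    password = "hunter2"
    row_a = hash_password(password, SERVER_PEPPER)
    row_b = hash_password(password, SERVER_PEPPER)
    other_site_pepper = bytes.fromhex("deadbeef" * 4)   # constructed
    row_other = hash_password(password, other_site_pepper)
    wordlist = ["password", "letmein", "hunter2"]       # constructed
    return {
        # Per-user salt: identical passwords do not produce identical hashes.
        "same_password_distinct_hashes": row_a["hash"] != row_b["hash"],
        "login_ok": verify_password(password, row_a, SERVER_PEPPER),
        "wrong_password_rejected":
            not verify_password("hunter3", row_a, SERVER_PEPPER),
        # Attacker has the DB row and a wordlist containing the real
        # password, but not the pepper: every guess fails.
        "cracked_without_pepper":
            offline_guess(row_a, wordlist, b"not-the-pepper"),
        # Same attacker after also obtaining the pepper (i.e. shell access,
        # the situation eleuthria says would be needed).
        "cracked_with_pepper": offline_guess(row_a, wordlist, SERVER_PEPPER),
        # A hash from this site cannot be replayed or matched at another site.
        "hash_reusable_at_other_site": row_a["hash"] == row_other["hash"],
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The practical caveat the thread illustrates is that none of this helps when the attacker never touches the password table: a reset link sent to a compromised mailbox bypasses the hash entirely, which is why the advice to change the email password first is the right one.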