I just tried changing my password and it says my current password is wrong.
So I cannot change to a new one now.
Is it likely that passwords were changed on many/most accounts or did you wipe out old ones at some point?
BTW if the hacker still has some fingers in here then forcing us to enter our password for changing would expose the password. So hopefully some script wasn't modified to send passwords to him when an attempt was made to change it...
(Not a big problem for me as all my passwords are different and random 25 char strings)
I'm also having this problem. Funny thing is, if I use incognito mode to get a new session I can log in using my old password, but it's not accepting it for changing my password.
OK, something is definitely broken. I just used the forgot password function to reset my password, because it wasn't working from within my account, but then I could not log in at all using either my new password or my old one. Both passwords were 25 characters with special characters and spaces. I used the forgot password again to reset it to a 16 char password without special characters or spaces, and then I was able to log in.
So something WRT either length, special characters or spaces has a problem. Also, none of the passwords I tried used a space at either the start or the end, so it's not trimming the string that is my problem.
It's starting to sound like the password change code uses different validity criteria than the login code.