Should have been put in the OP because people are going to jump the gun:
While we quickly contained the incident, information that was accessed included emails, usernames, securely hashed passwords and authentication data.
Any account passwords that may have been accessed were securely hashed, in accordance with best practices, meaning they cannot be read by a third party.
Still, always good practice to change your password after this sort of leak. However unlikely it is that someone could access your account, it’s never a bad idea.
Should have been put in the OP because people are going to jump the gun:
Still, always good practice to change your password after this sort of leak. However unlikely it is that someone could access your account, it’s never a bad idea.
If you use a unique password and have 2FA on there’s no real need, but yeah it can’t hurt.
I bet the 2FA secret was leaked too though…
Right there in the announcement.