As you may have heard by now, Doomworld (probably) got pwned by a script kiddie. I don't know what databases were accessed but they claim email addresses and password hashes, at the least. I will be looking into this further of course.
To summarize what you should know about your account:
- We don't store your password directly, but the output of a salted and hashed one-way algorithm. You can change your password if you wish but no one should be able to decrypt it anyway.
- If you signed up using an OpenID service like Twitter, Google etc, we only store some sort of token, no password or password-related data ever touches our end, so you shouldn't have to worry.
- The forum's admin panel uses 2-factor authentication so I don't particularly think that anything sensitive could have been accessed or changed that way, but if someone exfiltrated the database via other means it wouldn't really matter.
- As the admin, this is ultimately my fault, and I am very sorry it has happened. I will have to consider this and consult with others to decide what sort of site changes need to be made to help fix this situation. In general this is a good opportunity to consider your password hygiene and begin using a password manager with unique passwords if you haven't done so.