by CalumTraveler » Wed Mar 09, 2022 12:16 pm
To preface: i'm not happy that this was happening either.
For further information, it appears that the affected accounts are only those recently made, or having tried to change passwords. Existing accounts before this point that did not request a password reset never had their passwords exposed in this specific way. The main issue really seems to be that the way that account creation was recently setup after an update was not as secure as it should have been- resulting in errors cropping up when accounts were being made or modified through the webservice, resulting in passwords being saved in plaintext in a supposedly temporary error document. As previously mentioned, account creation is shut down for the time being until it's fixed.
As far as I'm aware this should not affect a wide majority of users, but that said: Definitely reset your passwords if you share them across platforms and services, especially if you recently tried to make a Minkata Account or requested a password reset.