The reddit thread has some more information: https://www.reddit.com/r/flightsim/comments/77gjli/psa_xplaneorg_forums_passwords_were_leaked_you/
Essentially, it looks like a cross site scripting attack that collected user information as they logged in. Your data is probably safe if you did not log in in the last few hours, but with stuff like this its better to err on the side of caution.
Not the first and won’t be the last. Pretty disgusting really.
Well my name isn’t on the list, but I’ll change pw anyway, after they sort the issue.
Breach is still ongoing, another list of logins was released 20 minutes ago. Don’t log in.
Guess I’m safe then since I haven’t logged in for quite some time, talking months.
My password is unique 30 charzcters. They can have it will just generate a new one later.
My username was listed . Password changed.
From a guy on reddit:
I haven’t visited in weeks yet I was on there which makes this odd
I’d check the list if I were you
Also, Paul, I would wait until it’s all fixed, then change it again - people are saying the hack is still ongoing.
I’ll be sure to do that. Thanks for the heads up.