It has come to our attention that we have recently had a breach of our server's security. We believe that we have now got the situation under control and are continuing to search for any undetected vulnerabilities.
We know that e-mail addresses and password hashes were accessed and it is possible that they may have been leaked.
Password hashes are not plain-text passwords but are essentially encrypted by an algorithm that can only go one way and are thus meant to be unreadable on first glance. However, it is still possible that some of them may have been or could be brute-forced to reveal the original plain-text password, possibly even all of them.
We suggest you take no chances and therefore:
This includes your personal and non-TrueWoW accounts. E-mail, Facebook, etc.
We offer our most sincere apologies to you, our players, for this lapse in our security. You trust us to keep your information safe, and we try our best to do so, but it appears that was not enough this time. The original hole was quickly locked-down after coming to our attention and we've taken additional measures to beef-up our security all-round. We have spent a few days double checking our code and permissions to make sure there is no remnant backdoor open before making this announcement as it would be worthless to announce it, have you change your passwords while the attacker can re-attack the systems. Now that we are confident your data is safe - please go ahead and change your credentials where possible.
We hope these actions will restore any trust you might have lost in us as a result of this incident.
More detailed information about the breach is to follow soon.