Hello, Moderators! I would like my account to be deleted. I have experienced some password breaches linked back to this sight and will change it. I know you can't fully delete an account, but maybe that should be an option in the future for those who would like to protect their data. Cheers.
As regards a "password breach", we haven't been able to find any evidence of such a thing, either from our own internal investigation or from discussions elsewhere on the Internet. If you could share where you heard about this, it would be really useful for helping us to investigate.
There's no place like 192.168.0.0/16.
I'd like to chime in on the matter of password security, since this is the second thread about this, and I'm sure many folks have questions or a vested interest. I used to be heavily involved in various freelance pentesting services such as Hackerone, and these days I'm focused on running and maintaining a service that processes hundreds of thousands of unique individuals' personal information per month. So, I've been on both sides of online security.
First off, the only way for you to be sure that your password breach came from ACC is if one of the following was true:
• information was stolen that only exists on ACC;
• ACC announced it;
• a third-party reports evidence of ACC's database being stolen;
The latter two haven't happened, so we're left with the first one as the only possibility. I'm not sure that "some password breaches" means that data that only exists on ACC was stolen. If I use the username GavinGoneGlobal and the password ExamplePassword on ACC and Reddit, and then my Reddit account gets mis-used, I can't immediately blame ACC. Perhaps Reddit had a security breach themselves (in fact, they did), perhaps my password was guessed, perhaps I've been keylogged and they're trying all emails/passwords I've ever used on a bunch of common services. If you add another service to the mix, such as "Nintendo Network", then it could be from them (in fact, it might be, since they had a breach, too).
The fact that your password was "breached" on another service (or, by your use of plural, multiple services) means that you were using the same email/password on other sites. ACC is just as likely to be the cause of it as the site that you were targeted on.
Even if you receive an email saying "I have your data: GavinGoneGlobal/ExamplePassword/your buddy list is [user,user,user]/your PTs are [this,this,this]" then that's not 100% that it's ACC being hacked -- perhaps your Neopets login got hacked (in fact, it probably did, as they, too, suffered a breach) and then someone logged in to your ACC account, read your stuff, and then fed it to you as if they hacked ACC. So, unless your ACC account has a unique password (which you said it didn't), that first point does not apply, either.
Second, if a site you use does fall victim to a data-breach, requesting your account data to be deleted isn't going to solve anything -- it's the equivalent of putting your credit card into a lockbox after someone already tweeted a photo of it. The information is out there and outside of your control, so getting your ACC account removed isn't the answer.
Instead, focus on changing your passwords on all sites you use. And if you're using the same password on one site that you use elsewhere, don't. All sites should have a unique password, so if one site gets hacked and they weren't encrypting passwords properly, you aren't going to risk your accounts on other sites.
Every single site I use has its own password, and I'm able to keep it nice and managed thanks to my password manager. Sites get hacked all the time (I highly recommend everyone check out have I been pwned if you haven't already) and unique passwords can help reduce data-breach fallout from being a several-hour-affair of password resets, to a simple "huh, that sucks".
Obviously a breach could've been grabbed prior to this update and the hacker holds the "weaker" encryption of our passwords, but, again, no evidence of that. Regardless, if you're worried about your password going forward, there's even less reason to worry now.
All of this said, I'm not saying that ACC is completely hack-proof, nor am I saying that you're 100% wrong that the breach happened here. But I just want to shed some light on this for you, or anyone else reading who may be concerned, that there is almost certainly a more logical explanation.
Also, I want to end the post by saying I'm very sorry you had your password breached, and I hope the perps didn't steal any of your accounts, money, or contact anyone on your behalf.