Something just occurred to me. How exactly does WCG think they're going to be able to confirm team changes? Even if you monitor an acct for email changes, the fact of the matter is that if a person's WCG acct wasn't adequately secured, the same probably goes for their email.

They really need to get the word out to ALL WCG members post haste before many more accounts and possibly their email addresses have been compromised. You need to get ahead of attacks like this, not just react to them.

I believe I found our hacker.

One nice thing about ripple is that it has a public ledger. Our hacker has a ripple public address of:

r44Z941P6eJxudgXU6Mf5Fz9q9cjZ9pVRR

I found this address by looking at the computing for good stats of:

99hawk
Argfan
Barnsley_Tatts

All of them had their XRP sent to the same address, the one referenced above.

It might be possible to contact a gateway to determine the identity of this individual. I estimate 5 accounts remain hacked, based on the ripple addresses recent activity.

Securing the website by using some form of lockout after 2 or 3 failed attempts would not be a solution. Boinc clients use the same password to connect so all someone would have to do is bypass the website by writing a script that runs a dictionary attack against the Boinc servers by pretending to be a boinc client trying to connect. Then once a valid password is found a single, valid, logon to the website could be made. The logon process to all areas needs hardening.