Keith: I don't think Ripple is going to be too concerned with WCG accts getting hacked. People over on the Ripple Forum are already a little displeased about the lack of response some there see on the part of Ripple to technical issues.

Anyway, it's not really an issue as long as people have access to their own accts and can change the password. The only time it might become an issue is if someone decides at some point to change team affiliation for the purpose of earning XRPs. Then it will depend on whether or not the association between your WCG id and whatever Ripple wallet a hacker created to receive those XRP's is permanent or not. I thought it was but at least one other poster here claims it isn't. It should be simple enough to test though if anyone is interested.

Getting yourself a signature with a team indication is one step.........but..................if you do not even bother to post on the forums then even that is no help

Until we hear from WCG speoulation about the cause of these involuntary team movements is just that - speculation.

As I posted yesterday Anything that disturbs user confidence in the security and integrity of WCG is worrying.

WCG have said they are investigating which is good. Further updates would be helpful in maintaining user confidence but I suspect WCG will want to dot all the i's and cross all the t's before we are told anything more.

We have found that a few of our members have unexpectedly had their team choice changed to the "Ripple Labs" team. After investigating this, we can confirm that there was no break-in to World Community Grid and users' devices were in no way compromised.

We have identified a computer that was trying combinations of user names and common passwords against our website in an attempt to find combinations that worked. This activity began on March 11, 2014 and successfully guessed the passwords of a few of our volunteers. It appears that users whose passwords were guessed had their account's team choice changed to the "Ripple Labs" team but were otherwise left unmodified. Within 36 hours of the attack, this computer was blocked. We have been monitoring our systems closely for similar attempts. We will notify all members who joined the Ripple Lab team since this began and ask them to confirm their intention to be on that team.

We take security very seriously and follow industry best practices to best protect our users. We will continue to use best practices to block such password-guessing attempts. We will also conduct a complete review of other aspects of account and password management and determine what, if any, additional changes should be made there.

We are sorry to see that this happened to a few of our members. To avoid this kind of problem in the future, we strongly advise all users to adopt the best practice of selecting passwords that are not trivial or common. Avoid using short passwords and those containing simple words, obvious number, letter or keyboard sequences. You can see examples of weak passwords that should be avoided here: http://boingboing.net/2013/12/07/worst-passwords.html. We also advise that you avoid using the same password across multiple sites.

It might be a good idea to enforce certain minimum strength criteria for password changes.

Monitoring accts that change to the Ripple Teams might be adequate in the short term but if history has shown us anything it's how resourceful hackers can be. So a mass mailing alerting people of the issue might be a good idea as well, but only after password strength criteria are in place.