Ok,

First my apologies for not keeping you up to date on this issue. I have been very busy (summertime, festivals, travel and starting my own business) and I did not have much time to look into this.

Besides, this problem which seems quite easy, is a pain in the ass. It seems like the password for quite some users was changed to the same value. Since passwords are encoded with a 1-way algorithm I have no idea what this value is. There are three possible ways this could have happened:

1) A security breach. There are only two places where a query is executed that changes the password. The first one is at the "send me a new password" screen, the second one is in the profile editor. 

It is not possible that a breach has occured at the "new password" screen because a random password is generated there (instead of the same like in this case) and the "hacker" would have to know all of your mail addresses.

I have put even stricter value checks on the profile screen, even though all the values were already safe. 

2) A bug in the code. I examined every line related to password changing and found nothing that could've caused this.

3) A database issue.



As a temporary solution I've set the password of everyone affected to their username. So if your username is JohnDoe then your password is also JohnDoe.

Besides that I have enabled a query log for all queries that have something to do with inserting or updating information. So if the problem occurs again I have a logfile to examine it.

I hope this issue will be fully solved soon. And once again, my apologies.