Oh yeah, absolutely. And even if someone has changed their password between Apr. 15th and now they should still change it again now (and probably again after the gods declare the crisis to be over) just to be sure.
I just mentioned this (i.e. the date of the information not necessarily indicating when the hack occurred) to prevent a false sense of security (as in "Oh well, nothing bad has happened since April so I guess it's ok").
i agree, however i think the hack was done just to prove the site is vulnerable.
There is a really simple reason we owned PerlMonks: we couldn't resist
+ more than 50,000 unencrypted programmer passwords.
These Perl guys are alright, just a little dumb apparently.
A lot of them reuse.