I assume you're referring to the large-scale data breach that was discussed online a few weeks ago. On Google One's Dark Web Report, the dates for some of these breaches may be showing as recent; in actuality, they are largely composed of very old data dumps going back many years. We did have a data breach in 2013 (leaked usernames and emails) which was known to impact many other fansites, and although I was not an Administrator at the time and cannot comment on how exactly this information was relayed to the public, I do know site staff did work tirelessly to strengthen security and protect users when it occurred. It was taken extremely seriously.
We run cPanel and always ensure it is up-to-date, and have a malware scanner running in the background that can confirm there were no malicious scripts running on us. Accounts that have not logged into the site since prior to late November 2023 cannot be accessed without performing a forced password reset. Our current forum software, XenForo, also receives continuous updates to its security system to ensure there are no exploits.
Account security is still taken very seriously here,
and I want to assure people that no recent sitewide breaches have occurred. And to remind others who may not be aware, make sure you do not use the same password across multiple sites, as this can make your accounts more vulnerable to being accessed. Additionally, I highly recommend everyone look into a password manager to help store passwords. With these tools, you only need to remember one master password to access your entire vault of saved passwords. It makes it much easier to use strong, unique passwords on every site you have an account on. Options for these include LastPass, Bitwarden, and 1Password among others.
With XenForo, you can also enable 2FA for your PokéCommunity account here: