An attacker gained access to the servers hosting Matrix.org. The intruder had access to the production databases, potentially giving them access to unencrypted message data, password hashes and access tokens. As a precaution, if you're a matrix.org user you should change your password now.
crosspost from @matrix since their instance is currently down:
the security maintenance is to address issues with Matrix.org's production infrastructure. This is not a Synapse issue.
Hacker's story: https://pastebin.com/3rzCqrFk
A Mastodon instance for info/cyber security-minded people.