This is the second time I’ve had to recover my password/change it in a day. The password I was using was very familiar to me and not terribly easy to brute force. I’ve also noticed Kongregate doesn’t use https protocol which bothers me… well, it’s just a gaming site, but well, you know.
A few hours before these occurrences I had noticed someone called ‘RealZoot’ had been added to my friends list, apparently without my consent. This user had also added a shout which included a URL to a now removed web site.
If I were a black-hat hacker I would have hijacked that user’s account and used it to seed shouts to a scam site, so there is the possibility it wasn’t actually that user at all.