Password Security

Submitted by Thad (He/Him) on Thu, 9/8/2011 at 12:38pm

We recently monitored several attempts by a student of the Wake County public school system to hack into an administrator account on the site. The IP address strongly suggests this was a troll we banned from the site yesterday. I've put a manual access restriction on that entire IP block and notified the school system's network administrator. I'm waiting to hear back, but with luck, we should be able to identify the culprit.

As a rule of thumb, though, please be diligent about your own account's security. The best passwords are unique, random, long, and use a variety of character types (uppercase letters, lowercase letters, numbers, and symbols). One password methodology I suggest is to create a phrase that includes the domain of the website you're logging into. For example, "I don't always DOMAIN, but when I do, I choose Dos Equis" might translate to "1d@ORNbW1DIcD3" if you're on ornlarp.com. Unique, varied, long, nigh impossible to crack, and easy to remember.

The site is backed up weekly, so there's not much that can't be recovered, but it is a chore to do so and there may be social consequences if the hacker pretends to be you online. More importantly, it's just a good practice in general. Be safe.

So that everyone's in the loop, I just spoke to Vass Johnson, the system administrator for Wake County public schools. He says that they managed to trace the activity to a particular high school, computer, and login, and will be handing off the information to the principal of that school for disciplinary action.

With any luck, we won't see further attempts to troll or hack the site in the future. I've reactivated guest chat for the time being. Please let me know if you guys see anything suspicious and I'll look into it.

Well done.

Don't mess with geeks. We bite back.

Hear, hear!

AAAAAYYYEEE!!!