See post for details, but a quick tl;dr:

Malicious actors were able to inject code using a XSS (cross site scripting) attack and steal JWT tokens for users. Any user who had their token compromised has potentially had their password and email address compromised.

This only applies to instances that have local custom emojis. Posts with custom emojis that are federated in from a remote server are not affected.

We currently have no custom emojis, so if your account is here on TTRPG.network, your account is safe.

If your account is remote to an affected server, i would recommend changing your password asap