One of your questions/answers () is incorrect according to typical security best practices. If the security of a website has been compromised, you should absolutely not log in immediately if they have not told you to. While you might consider changing passwords on any other site where you've used the same one, logging in and updating it on a site that may still have an incident in progress only increases your risk.
Please note that when answering a question, you need to consider only the provided information in the question (i.e., about a thousand passwords were stolen).
You are concluding that the site may still have an incident in progress, but this information is not written in the question. Since this information is not stated in the question, you should not use it as a basis to select an answer.
But the information in the question also doesn't state that the incident is resolved, such that we have to assume that we don't know whether or not it is still in progress. If we've heard about this only from the news and not directly from the site, it is actually more reasonable to assume that either the incident is still in progress (such that the site doesn't want to cause alarm and have everybody change passwords risking further leaks) or that our password is not one of those lost in the breach (which is highly likely given that about a thousand passwords were stolen on a social media site which likely has a vast number of users). To act hastily increases our risk in this instance and we would be better off to wait for advice from the site while ensuring we secure any other user accounts which may (inadvisably) share the password.
I fully appreciate that "if your password is leaked, change it" is generally good advice, but given the information available in this scenario it is not the appropriate course of action. If we can be confident that changing our password and taking additional steps such as configuring TFA will ensure that our account is secure, then of course it makes sense to do so, but if the passwords lost so far have been captured at the point of input rather than retrieved from the database (and we don't have any information one way or the other) then logging in might just immediately give away our password, and changing it might give away the new one as well. For all we know the attackers haven't got any passwords and have just leaked the fact that they do in order to get everyone to change their passwords so they can steal them as this is the vector of the attack. Let's be realistic: the information provided on security breaches in mainstream media tends to be woefully short and we should wait for guidance from an expert (which is the correct answer to almost every other question in this pack).
Thanks for the clarification - basically you are right, the scenario is not clear enough - we have to change the question to "In the news, you have heard that your favorite social media site has been hacked, and the user password database has been breached. You should:"