I was also a victim of this hack, and admittedly, I had a VERY insecure password.

I was aware of the dangers of giving it access to my accounts. There's no way it would be able to use those passwords repeatedly to get your balances if they weren't stored in a plain text format that the system could use to login to check those balances. It was my fault for not changing my AW password to something more secure after I started adding those.

I appreciated that AW caught this quickly and notified me before any damage was done. Good on them.