Encoded username and password are being sent to the server. Zappl IOS currently has an issue with the encoded passwords that are stored in your device being sent to the server. Normally its only supposed to send a session to the server.
Our servers have not been breached and we have file shredded the node logs but just in case you feel the need please reset your posting keys.
We have taken the IOS app out the app store but it will take some time to come down. So please let people you know for the time being to wait for the new update.
We are working as fast as possible to fix the issue. Any fixes we upload can take up to 8 days for the review process to go through. But on average take about 12hours-2days.
To reset your posting private key password you can use https://steemit.com/@usernames/password
You can also use the trusted desktop wallet vessel https://github.com/aaroncox/vessel
