Critical login exploit allowing accounts to either get hacked or stuck

Here is what I posted on the forum located at:

http://www.minecraftforum.net/forums/minecraft-discussion/recent-updates-and-snapshots/2626453-1-9-major-security-login-exploit

And here is what I posted:

Hi, I logged in this morning around 9AM CST and updated to 1.9 successfully. I checked a few things out then logged off. I tried to log back in at around noon CST and I was told that someone was logged into my account so I tried logging in using the same password and username that I have had since the migration of Minecraft and Mojang Accounts. I was denied access and was told I was using an incorrect username or password. I then checked the server status page on Google and it said all servers are up and running. This prompted me that the account probably had been compromised so I managed to reset the password on the account then I proceeded to login on the website and it asked me for my verification questions and I was able to my Mojang account. Since the password was changed; I decided to change the email too. So I went through the process of changing my email and everything and I entered it into the launcher and it still said that someone was logged into my account so I waited about a minute and apparently the stuck session/hacker got kicked off and the launcher came up with me logged in and everything is good now. I am not playing 1.9 until more people play it and I think I will stay with my forge 1.8.9 with leaves fast decay mod and optifine for now until this bug is fixed or it is confirmed not to be a bug. Here is a little security features I use on my PC that would prevent a hacker from keylogging me or something.
-I use AT&T U-Verse security software that comes with my internet.
-All the computers in my house use Windows 10.
-The computers are not in a homegroup so they are not accessible by LAN.
-I use the newest U-Verse Gateway which I am using a 5Ghz band with WPA2 security and a messed up password that no one could ever guess.
-I don't view and no one in my house views sites that are unsafe. We use sites that are bookmarked and trustworthy.

Other Notes:

As you can see on the replies one person said that it wouldn't be hacked if I still couldn't login but I don't know how your servers work but I think it just took a minute to kick the hacker/stuck session out of my account. One reply said that I should scan for viruses. I did with up-to-date definitions and thorough full system scan and found nothing.

So far there are two replies at this time of people having this issue.

I have reverted back to 1.8.9 and have not had this issue since.