19 Jun 10, 10:43PM
Also, special note: Although it's not necessarily required, as the passwords were encoded, we recommend you change your passwords from their previous entries.
We have put several measures in place for this not to happen again, as you may have noticed, the main site itself (which was what was originally exploited) is now static content, not PHP. We have better logging and intrusion detection systems in place, and the systems themselves, are better (there are many other things we have done to make our systems as secure and recoverable as we can make them, but we can't comment on what they are, for security reasons).
Although we had backups in place, they were all compromised, as this exploit had been going on for a long time without notice.
We have put several measures in place for this not to happen again, as you may have noticed, the main site itself (which was what was originally exploited) is now static content, not PHP. We have better logging and intrusion detection systems in place, and the systems themselves, are better (there are many other things we have done to make our systems as secure and recoverable as we can make them, but we can't comment on what they are, for security reasons).
Although we had backups in place, they were all compromised, as this exploit had been going on for a long time without notice.