Due to a security breach we alert our users to a possibility that accounts could have been compromised and recommend a password change for everyone.
Earlier today we found an intrusion into our main webserver. This led to parts of our database being stolen, including user data.
The attack got in via a compromised admin account, and an exploit in some old legacy code on the site. This led to remote access to our main webserver, from where access to the database was possible.
The bad news is that the entire user database was dumped. The only silver lining is that all passwords were protected with bcrypt, a strong hashing algorithm that makes mass password decryption attacks unviable. We however still regretfully have to ask you all to change your passwords, as a targetted attack even on bcrypt encrypted passwords is a possibility.
Furthermore all users have been auto logged out of their accounts as a security meassure.
We are terribly sorry about this incident, and no one is more sorry than me personally, you entrust us all with your data, and we should keep it safe. It is not good enough, and we take full responsibility.
I will instruct the entire programming team to focus on tightening up security across the entire site, but for everyone affected, I realise that this is of little help.
All we can do is say sorry, and hope you will still trust us in the future.
If you have any questions or concerns, write them below and I will do my best to answer.