We're sorry we couldn't give you more information at the time as this is being dealt with on a legal level. The password reset was a legal requirement and we had to get it done on a timeline. So this was the first bit information passed on to you all.
The article doesn't mention that it was actually a 3rd party plug in provider used on this site and many others, that was hacked and scraped for basic account info. Passwords are encrypted, but accounts with simple passwords were still at risk once user id, username, and email were identified.
Quick summary of what happened:
- Data was breached back in Feb from a plugin from another company (email, username, some IP - that is all)
- The data was not used or made public until earlier this week (when we found out about it)
- We have locked down sites and requested all user update passwords
We had already been increasing increasing security measures on our end and will continue to do so, and the increased password complexity will protect your accounts from your end.