So, now that the dust has settled, who was affected?
According to this post, some people’s accounts were accessed using the stolen passwords. The post seems to claim that DH actually said that 3500 accounts were accessed with the stolen information.
Edit: Oops, my bad. Apparently the post above refers to a previous security incident a few years ago. Please disregard this post.
But DH’s blog claims that no customer FTP or SSH user accounts have been maliciously accessed due to this password breach.
After the event, I contacted support to ask directly whether my passwords were in the table that was unencrypted. I needed to know this because I sometimes use a pattern approach to create unique passwords across sites and services but keep them memorable to me. Someone may be able to figure out the pattern though. DH Support very confidently said:
I’m not referring here to hacked WP accounts. I’m talking about actual access using a stolen password. Anyone get hit? Any other claims on teh internets?