On Tuesday afternoon, an intruder defaced Melissa Singer’s post below, replacing it with a threatening message. They also messed nondestructively with a few other parts of the site. To the best of our knowledge, their effects have now been undone.
The break-in was most likely accomplished by means of a vulnerability in Joomla, our content-management system, which was first discussed in public on Tuesday and patched on the same day; in other words, the intruder took advantage of a very brief window of opportunity.
We have no particular reason to think they made off with passwords or other personal information, but it’s not impossible. Currently the site doesn’t contain any personal information much more sensitive than people’s email addresses, so there’s not a lot of exposure, but we’re telling you about the incident so you can make your own decisions. (If you want to change your password, you can do it from the “account settings” link that shows up when you’re logged in.) Speaking just for myself, I apologize for the fact that this post didn’t go up a day ago. We’ll try to be quicker to acknowledge any future security issues that present themselves.