It was a "soft" hack, in that they didn't actually gain access to our servers or anything. They simply managed to login to accounts they weren't supposed to. Even if an attacker gained access to our full database, passwords are stored using strong encryption, so they would not be crackable.