The information that was recently accessed is a database backup from April 2016 and contained information about 16.5k forum users.
The leaked information includes:
- Messages, both public and private
- IP-addresses
- Username and email addresses
- Profile information
- Hashed passwords
- ~13k bcrypt hashes (salted)
- ~1.5k WordPress-hashes (salted)
- ~2k accounts without passwords (used federated login)
- The attacker self-disclosed that they are the same person/persons who recently hacked Bo Shen.
- The attacker used social engineering to gain access to a mobile phone number that allowed them to gain access to other accounts, one of which had access to an old database backup from the forum.
https://blog.ethereum.org/2016/12/19/security-alert-12192016-ethereum-org-forums-database-compromised/
http://www.forbes.com/sites/laurashin/2016/12/20/hackers-have-stolen-millions-of-dollars-in-bitcoin-using-only-phone-numbers/#34624b2322db
Hackers Have Stolen Millions Of Dollars In Bitcoin -- Using Only Phone Numbers