UPDATE 11/9/2016 1:00PM ET
We have now come to believe it is possible that the hacker may have been able to gain access to certain member information on our server, including: Usernames, email addresses, and IP addresses. Passwords were not as easily accessible, and at this point we do not know if it was possible for the hacker to access them. (Further note that passwords on DU are "hashed" and saved in a cryptographically scrambled format rather than as plain text, so if the hacker could access a member's password information they would not have direct access to the password itself -- only to the hash.)
We can say for certain that donor data, such as credit card numbers or addresses, were not compromised because that information is handled by PayPal and never passes through to our servers.
We are not going to bring our website back online until we believe that we are no longer vulnerable to attack and our members' user information is secure. Unfortunately we do not know how long this process will take, and it could possibly take days.
