Not to spread fear or anything, but if anyone here reuses their password from elsewhere, you may want to change it everywhere. Maybe @ernest could look through logs to see if the SQL injection has actually been exploited? I assume passwords are hashed and salted, but still...