Drupal's 1 M user accounts breached!

Quote:  This access was accomplished via third-party software installed on the Drupal.org server infrastructure, and was not the result of a vulnerability within Drupal itself.