our site has been hacked on 13th November 2014. I have restored the site and updated to Drupal 7.33. We have no way of knowing what was leaked, so we assume everything was leaked. The passwords in our database are stored in a secure way and are not simply retrievable using rainbow tables or similar. Either way we advise you to change your passwords just to be absolutely safe! We are very sorry for the inconvenience.
As far as I can tell https://www.drupal.org/SA-CORE-2014-005 was the exploit used. It's curious that I can see somebody gaining access on 13th November even though the embargo was lifted on 15th November. I will continue to monitor the situation.