i talked with them on irc and it looks like it was an sql injection attack. its not 100% yet.

For those of you who dont know what that means, it means that no matter how strong your password or pin was they had actual access to the database to retrieve/update the data bypassing the website.