We found out about the injection after about 2 hours. We have gone through all transactions and have not found any suspicious activity, but please don’t hesitate to contact us at firstname.lastname@example.org is you experience any.
To make sure no accounts are breached, we have decided to remove all sessions on the server, meaning that all users have to log in again. We apologise for the inconvenience but in situations like these we would rather err on the side of caution.
- The Iconfinder team