Dear Linden folks,
I would be very grateful if you could respond to the following questions concerning the security breach.
1: Was the stolen payment information an encryption of credit card numbers (invertable function), or a hash of them (non-invertable function)?
2: Was the system used for hashing credit card numbers different to that used for hashing passwords?
3: If the answer to "2" is no, and you are confident that the hashing protects credit card numbers, why ask users to change their passwords?
Thank you.