I am about to send out a mass email to all members of the forum urging them to reset their passwords. The information they could have stolen could have been two things:
1) Any text you typed and submitted on the forum in the past 24 hours.
2) Any information your browser has in it's cookies or session information.
Unfortunately the details of the attack are very limited and the code that was inserted was dynamic, in other words everytime a page was loaded, the code changed. What I'm telling you is just what I have been informed of what other forum owners have experienced.
I would urge everyone to reset their password here: