Were only the admin passwords compromised, or also the passwords of the list members (who can set a password to view the membership etc)? 

Lodewijk

All passwords were reset, including list member passwords. Because list member passwords can go through a "retrieve password" + they get periodic reminders automatically mass emails about those resets were not sent out however. (I believe we may be adding a note in the auto reminder about how they were reset... but not entirely sure, I will leave that for ops)