Hi, César.
>Till now nobody from the UT admins has said anything specifically regarding the database security.
>
>Thanks in advance for your clarification,
Excuse me if I didn't reply earlier, but I was not following the events. To my knowledge, there is no formal way someone can get user information from the UT Admin infrastructure, except perhaps Michel, who is the only one able to access the raw data.
I have full administrative rights to the Admin interface and I can't do more to user profiles than approve newly submitted user pictures and edit bios for magazine authors.
Even while I trust the investigation Andy did, I guess there should be another explanation for someone getting to this personal data, or there has been an explicit exploit to circumvent the UT security. My appreciation is that our security infrastructure is pretty good, but we all know that no technology guarantees absolute safety. I'm sure Michel can provide more details.
Regards,