After experiencing an intrusion on Sunday, technology news and information site Ars Technica is asking all readers who have accounts to change their passwords.

According to a Tuesday report, an intruder initially gained access to an Ars web server and was then able to access a more central machine using information in a “poorly located” backup file. The hacker then accessed the central server the following day and replaced the main Ars webpage with a defacement page.

Regular operations were restored roughly 15 minutes later, but the intruder may have been able to copy the user database, which contained subscriber email addresses and passwords, the report indicates.

“Those passwords, however, are stored in hashed form (using 2,048 iterations of the MD5 algorithm and salted with a random series of characters),” according to the report.

Ars has changed all internal passwords and certificates, and hardened server security.