Two hackers from the Netherlands broke into the company's password system and used a temporary administrative password to access a series of Web forms used to post stories and configure parts of the site, Slashdot's founder Rob Malda explained in a message posted on the site this morning.
The hackers appear not to have done anything beyond posting a story trumpeting their achievement, and the site was never taken down because of the attack, he said.
In his note, Malda explained how the intruders gained access to the system. "They managed to get ahold of our backup database (updated nightly). And due to another hole...they managed to pull my Slashdot administrative password from the dump and login as me, to the real Slashdot," he wrote.
Accomplishing that, the hackers stopped their attack.
"All they wanted was to post a story claiming victory. Immediately after that, they emailed us and told us how they did it. Our crack team plugged things back up immediately," Malda wrote.
Nevertheless, he is warning Slashdot users to change their user passwords as soon as they can, just to be safe.
In May, the Slashdot site went down intermittently because of a series of distributed denial-of-service (DDOS) attacks.
Slashdot is owned by Acton, Mass.-based Andover.Net.