If they stole the domain name, that means the users' browsers would be submitting their cookies to the attacker's server. That means that anything stored in the user's cookie (for example, session IDs) could be compromised, just not their stored data.

Exactly what I was thinking. Some sites go so far as to simply hash the username and password (I like to think a big site like Photobucket's smarter than this) into a cookie and just compare the hash every so often..

The fun part of that is that there's not really a way to tell for sure if cookiedata was taken until you get a copy of the source for the replacement page or what have you..

"No personal information? "

You beat me to the punch there,

And i thought i was a n00b,

who employs these people?

You do realise El Reg includes such comments about "No personal information being stolen etc" are only included for our amusement.

Before our Turkish friend is extridited to the USA to face criminal charges ?

I have been getting atspace.com when I request photobucket.com since Wed. June 18 about 4 a.m. PDT. It's now Thurs, 7 a.m. Before that, the same thing occurred from Tues. 2 p.m. to Wed. 2 a.m. Whatever they're doing is taking far longer than a few hours. My ISP is Comcast; I'm in Oakland, California.

..that the phrase "Pushti pezevenk" was in the message somewhere?