i have good news for instructables.com users. i've been in contact with Eric Wilhelm, CEO of Instructables, who was able to get to the bottom of the issue i previously blogged about in short order and it turns out to have not been a breach of their database after all.
Instructables uses a 3rd party service to handle their newsletters. in the past they used a company called iContact, but they switched to Streamsend 2 years ago. it appears that iContact recently had a breach of their systems which you can read more about on the iContact blog.
as such it seems likely that it was only email addresses (not other, potentially more sensitive information like credentials) that were leaked since that's the data iContact would have needed access to. further, anyone who joined Instructables after the switchover to Streamsend would not have had their email address compromised by this event. this should still serve as a reminder, however, of how important it is not to re-use your passwords as, had it actually been a breach of the Instructables user database, it wouldn't have just been your Instructables account that the attackers got access to, but also every other account where you used the same username and password.
finally, there will undoubtedly be those who question why iContact still had Instructables data after 2 years. while Mr. Wilhelm expressed regret for not insisting that data be purged, i can only imagine why iContact was holding onto data it couldn't (or rather shouldn't) use for such a long time.