Hackers broke into the infrastructure for the open-source Apache Foundation in what is being described as a direct, targeted attack . The hackers hit the server hosting the software that Apache.org uses to it to track issues and requests and stole passwords from all users. The passwords were encrypted on the compromised servers (SHA-512 hash) but Apache said the risk to simple passwords based on dictionary words is quite high and urged users to immediately rotate their passwords.
Source: https://threatpost.com/apache-foundation-hit-targeted-xss-attack-041310/73815/