There's no way I can know the extent for sure, so I'm encouraging people to be cautious and change their passwords.
What I do know of for sure is that hackers exploited a security hole to find out the passwords of the director accounts, then proceeded to log into these accounts and hack the board. They also hacked one other account that I know of, and I've already changed the password and informed that person.
I've been in contact with the hackers, and they seem a happy bunch intent on demonstrating security holes in obnoxious ways while not causing any permanent damage, but who knows for sure. The security holes they were willing to tell me about, the ones exposing passwords, have already been fixed. I'm sure there are other security holes, and I'll fix them as I learn about them.
The board was last backed up yesterday around 6 PM.