With all due respect to the victims in this hacking, whoever they'll end up being, I am suspicious of hacking claims where the announcement of the hack includes a factual assertion of how the hack took place, e.g. "we used encryption but they found our forgotten unencrypted backup". How does one come to know with certainty that this is actually what happened?
I seem to recall that in the previous Bitcoin-related Linode compromises the hacker had to reboot the VPSes in order to gain access to them. That'd lock them out of any encrypted data but not an unencrypted backup, not to mention the fact that it made the fact the VPSes had been compromised really obvious afterwards.
