The situation is gaining momentum. The guys say that hackers already stole purses worth more than $ 15 million! Does anyone know anything?
No more than users trying to access the MEW website were redirected to a phishing site controlled by the attackers, and as you state, apparently $15 million/215 Ether was stolen.
It wasn't a security flaw on MyEtherWallet's side, but a phishing attack.
Always be cautious when accessing any website, and that includes clicking any links like emails you get.
MyEtherWallet warned users:
“PLEASE ENSURE there is a green bar SSL certificate that says “MyEtherWallet Inc” before using MEW.”
Sage advice.