This is how apache JIRA is hacked
Browse the link to see the details https://blogs.apache.org/infra/entry/apache_org_04_09_2010
If any of you have account on apache.org for various projects then you might have received mail from them to change the password. If not then change your password for apache account (JIRA, Bugzilla etc)
I must say this is a big learning. Let’s be a bit more alert.