Why am I finding out that my account was hacked half a year after the fact? Why did I have to find out from a 3rd party service? Why have you still not emailed users to tell them they were hacked? Why have you not reset all user passwords? Why did you not do this back in August last year?!