Leaked information includes cryptographically scrambled versions of passwords but not the actual passwords, the answer to a personal security question, and information relating to Mobile and Dial-In Authenticators. Company can't confirm credit card information was accessed.