Do you know how the attacker got in? I assume they altered the javascript to exfil private keys, yes? How do you know how many accounts were compromised? It might be wise to cycle everyone's keys at this point. I'll definitely be updating my posting key.