Security hacked - what now?

Bild des Benutzers Nikolaus Polak

It seems that one other Jabber/XMPP-Server suffered user logindata from an SQL injection attack:

This method wouldn't work on our server, because the Jabber/XMPP database is here MNESIA (not MySQL, even when that's the point our last update try failed) and the webserver on the same virtual machine hasn't a module to connect to it (and there are some more protecting layers - even our transports to other networks aren't on the same machine).