We securely store our passwords per industry best practice (bcrypt). — Michael Coates ஃ (@_mwc) July 9, 2016

According to Coates, on Vine "the admin site is restricted to Twitter IPs, is https, and never shows passwords in any form." OurMine claims they only took it from Dorsey's Dropbox, but as ZDNet points out, some of the info in the capture suggests it's just a fake. We still don't know exactly what hole the group used to tweet from @Jack, but check the post from Saturday for some tips on what you should do to be as secure as possible.