Possibly most importantly, though, the FBI is now presumably in possession of a complete copy of the Instapaper database as it stood on Tuesday morning, including the complete list of users and any non-deleted bookmarks. (“Archived” bookmarks are not deleted. “Deleted” bookmarks are hard-deleted out of the database immediately.) Instapaper stores only salted SHA-1 hashes of passwords, so those are relatively safe. But email addresses are stored in the clear, as is the saved content of each bookmark saved by the bookmarklet. The server also contained a complete copy of the Instapaper website codebase, but not the codebase of the iOS app.
You’ve probably heard about the FBI raid earlier this week. It was totally unrelated to Instapaper, but they, like many other companies, got caught up in the seizures.