In our post earlier today about a major security vulnerability we found and fixed, I stated that a rubygems.org security breach had resulted in packages being compromised. I believed this was true at the time, but it was incorrect. While rubygems.org did have a security vulnerability of equivalent scope disclosed, they, like us, were not maliciously breached.
The post went through a few drafts and was reviewed by five people, none of whom noticed this error. My sincere apologies to the rubygems.org maintainers and the Ruby community in general for repeating this misunderstanding.