There was a major Public Service Announcement by Drupal for a security threat in older versions of Drupal. If you receive spam from your website you’re already aware of this flaw (as it’s the same vulnerability).
Drupal have addressed these problems and the most robust solution is to upgrade the core package to the latest version.
You can read more about this announcement here https://www.drupal.org/PSA-2014-003
Your data is very important and need to be protected from SQL Injection attacks and SPAM you receive.