in reply to
Re^5: What happened?
in thread What happened?
Great. I'm glad you feel like selling your identity to a group of folks who know better is a good idea. Sane people realize that it was a colossal screw-up, and that when you screw up you need to act responsibly. Part of being responsible here is to realize over 40,000 email/passwords spent two months with clowns before being published. These monks deserve to be notified.
I remain mystified of the opinion of why we should blame the victims, here (a classic mistake). There is some expectation that passwords are indeed secrets. Plaintext passwords are clearly anything but. Even if users had chosen better passwords, or used unique passwords to this site (a lot of us did, including myself), the reality is they are plaintext email/password pairs for 40,000+ addresses. A lot of people, most certainly, can be seriously hurt in real life. I understand from the cb this morning this has already occurred. So lets take this seriously, shall we? No more pooh-poohing hashed passwords. I will also write later a notification proposal.