in reply to Re^3: Status of Recent User Information Leak
in thread Status of Recent User Information Leak
There seem to be an awful lot of overreactions going on here. Break-ins happen from time to time.
It's true that break-ins happen but I think a couple things make this different:
- With identity theft such a big deal these days and considering how much more hostile the Internet is (organized crime using botnets, etc.) the reaction is going to be stronger.
- Considering how many times people have told new Monks not to use clear text passwords, not to use weak algorithms, etc. I think many assumed this site was practicing what it preached.
- There is a difference between being told your account was hacked and finding out your information was published.
- And finally there is a huge difference between being told it was hacked and actually seeing your information listed in a hacker ezine!! There is nothing abstract about it after that!
I will close with a quote from this blog entry:
As a Perl developer, and CPAN author, this is a bit concerning. First, it would be one issue if this were just some random group of people whose passwords had been hacked, but this is a database of tens of thousands of developers, probably most with root access to the machines they write code on, and according to the hackers, many using passwords that are being re-used elsewhere. These are the passwords of developers like Chromatic, Brian D Foy, Andy Lester, engineers at major corporations and government entities, and more. The hackers couldn’t have picked a worse server to crack and expose.
I think it's for reasons like these that there has been such a strong reaction.
Update 2009-08-06: Looking at the ezine again I can add two more reasons. The hackers specifically stated that they "couldn't resist so many clear text passwords" (paraphrased) and that "several Monks reuse their respective passwords" (paraphrased). That indicates that non-PerlMonk accounts have been accessed. And as previously mentioned, keep in mind the breach occurred over two months before it was discovered.
Elda Taluta; Sarks Sark; Ark Arks