in reply to
Re^2: It's Time for Everyone to Change Passwords!
in thread It's Time for Everyone to Change Passwords!
It's still out there, now mirrored in several places (not by me, but others). Since PerlMonks is still up and running, some must think there's no risks remaining. In the interest of full disclosure here's the *TEXT ONLY* of the posting:
There is a really simple reason we owned PerlMonks: we couldn't resist more
than 50,000 unencrypted programmer passwords.
That's right, unhashed. Just sitting in the database. From which they save
convenient backups for us.
Believe it or not, there is actually debate at perlmonks about whether or not
this is a good idea. Let's just settle the argument right now and say it was
an idea that children with mental disabilities would be smart enough to scoff
at. We considered patching this for you but we were just too busy and lazy.
I'm sure you can figure it out yourselves.
This isn't a bad set of passwords, either. Programmers have access to
interesting things. These Perl guys are alright, just a little dumb apparently.
A lot of them reuse. You can explore them yourselves, I really do not want to
point out anyone in particular.
In case you guys are worried, we did NOT backdoor dozens of your public Perl
projects. Honest. Why would we want to do that?
Not worth our time ;)