in reply to
Status of Recent User Information Leak
"Some time on May 20, 2009, an unused (but still on line) perlmonks server was hacked...
The exploit was published in a hacker e-zine, and was brought to the attention of PerlMonks administrators later that night."
From the text here, it sounds like the exploit was known to the Perlmonks administrators for two full months before anything was done about it. Can someone explain to me why this security breach was wide open for two months without any notification for the people who may have been affected?
Edit to add: The original node has been updated since I posted this, clarifying the point. Specifically, the second sentence I quoted now shows a date.