The email address and real name are only stored in the database, right? So unless the user (or hackers) intentionally disclose that information it shouldn't be cached anywhere else.
Elda Taluta; Sarks Sark; Ark Arks
| [reply] |
Yeah, and if perlmonks deleted your email when your account is disabled then you couldn't get an email from the administrators if they found out your password was stolen (either because the attack was done before you disabled your account, or, like now, the attackers got hold of an earlier backup of the database). I don't mind that, because I for one don't want such an email (the Create A New User page even sort of promised they won't send me one), but you just might want to know.
| [reply] |
Lets look at how the current incident was handled. First, only people who had their information published by the hackers were notified by email. That means that the majority of users were not notified by email. Second, as far as we know, this site is still vulnerable to the same type of attack used on the old server. Third, passwords are still stored plain text. Given the less than stellar response by PM to the recent incident, there is no reason to expect PM to do a good job if it happens again. Therefore, if you are disabling your account, odds are you are better off having your information erased.
Elda Taluta; Sarks Sark; Ark Arks
| [reply] |