Nkuvu, you are right. Good catch. That is an artifact of the fact that, when originally drafted, the notice put the break-in date at July 28, the same day on which the exploit was published in the e-zine (and the day on which PerlMonks admins were made aware of the leak). Later, it was determined that the break-in occurred much earlier, on May 20. The second paragraph should have been amended to state that the exploit was published on July 28.
This was an oversight and an error, principally on my part.
To set the record straight — PerlMonks admins were made aware of the information leak on July 28, not on May 20 as the text implies.
I apologize for the error and any consequent misunderstanding.
Late yesterday we became aware that someone had cracked into a
PerlMonks server and published a list of 580 account passwords and
e-mails. You have been e-mailed because you are one of those 580
If you had not yet changed your password then we have changed it for
you. In either case, if you used that password anywhere else, you
should go change those other passwords now.
The server that was compromised was an old DB server that is no longer
in use. pair.com is investigating the breach but so far we have no
indication that the production DB is not secure. But there is a risk
so please use a password that isn't used elsewhere.
We are sorry about the inconvenience and are working to mitigate the
current problem and prevent future problems of this sort.
If you hadn't already changed your password, then please use
http://perlmonks.org/?node_id=2513 to request an e-mail containing
your new, randomly generated password.
A few of you recently changed your e-mail address. Most of these
changes appear to be legitimate. And we are sending this notice to
both your previous (published) e-mail address and the new address that
you (or somebody who used your published password) recently changed it
Some of the e-mails have been reset to their previous value. If your
previous (or recent) e-mail at PerlMonks isn't one that you currently
have access to and your password reminder doesn't reach you (and you
aren't able to log in), then reply to PerlMonks Admins
<firstname.lastname@example.org> with the details so we can resolve the problem.
Again, sorry for the inconvenience. We thank you for your patience
and understanding as we work on this problem.
Tye McQueen, Max Maischein
for the PerlMonks admins
(email sent at Wed, 29 Jul 2009 21:13:14 UTC)