Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris
 
PerlMonks  

working: announcement of recent user info leak

by jdporter (Canon)
on Jul 23, 2009 at 20:36 UTC ( #782783=note: print w/replies, xml ) Need Help??


in reply to jdporter's site scratchpad

Nkuvu, you are right. Good catch. That is an artifact of the fact that, when originally drafted, the notice put the break-in date at July 28, the same day on which the exploit was published in the e-zine (and the day on which PerlMonks admins were made aware of the leak). Later, it was determined that the break-in occurred much earlier, on May 20. The second paragraph should have been amended to state that the exploit was published on July 28. This was an oversight and an error, principally on my part.

To set the record straight — PerlMonks admins were made aware of the information leak on July 28, not on May 20 as the text implies.

I apologize for the error and any consequent misunderstanding.


Hello,

Late yesterday we became aware that someone had cracked into a
PerlMonks server and published a list of 580 account passwords and
e-mails.  You have been e-mailed because you are one of those 580
users.

If you had not yet changed your password then we have changed it for
you.  In either case, if you used that password anywhere else, you
should go change those other passwords now.

The server that was compromised was an old DB server that is no longer
in use.  pair.com is investigating the breach but so far we have no
indication that the production DB is not secure.  But there is a risk
so please use a password that isn't used elsewhere.

We are sorry about the inconvenience and are working to mitigate the
current problem and prevent future problems of this sort.

If you hadn't already changed your password, then please use
http://perlmonks.org/?node_id=2513 to request an e-mail containing
your new, randomly generated password.

A few of you recently changed your e-mail address.  Most of these
changes appear to be legitimate.  And we are sending this notice to
both your previous (published) e-mail address and the new address that
you (or somebody who used your published password) recently changed it
to.

Some of the e-mails have been reset to their previous value.  If your
previous (or recent) e-mail at PerlMonks isn't one that you currently
have access to and your password reminder doesn't reach you (and you
aren't able to log in), then reply to PerlMonks Admins 
<perlmonks.org@gmail.com> with the details so we can resolve the problem.

Again, sorry for the inconvenience.  We thank you for your patience
and understanding as we work on this problem.

Sincerely,
Tye McQueen, Max Maischein
for the PerlMonks admins
(email sent at Wed, 29 Jul 2009 21:13:14 UTC)
  • Comment on working: announcement of recent user info leak

Replies are listed 'Best First'.
Re^2: jdporter's site scratchpad
by jdporter (Canon) on Jul 30, 2009 at 14:06 UTC

    Log In?
    Username:
    Password:

    What's my password?
    Create A New User
    Node Status?
    node history
    Node Type: note [id://782783]
    help
    Chatterbox?
    and the web crawler heard nothing...

    How do I use this? | Other CB clients
    Other Users?
    Others making s'mores by the fire in the courtyard of the Monastery: (6)
    As of 2020-03-30 06:34 GMT
    Sections?
    Information?
    Find Nodes?
    Leftovers?
      Voting Booth?
      To "Disagree to disagree" means to:









      Results (174 votes). Check out past polls.

      Notices?