Please read: Mercurial wiki passwords probably compromised
Matt Mackall
mpm at selenic.com
Wed Jan 9 00:44:42 UTC 2013
If you used the same password on the Mercurial wiki as any other site,
you should change those passwords immediately.
All the passwords on the Mercurial wiki have been disabled. You'll need
to use the 'forgot your password?' link to re-enable your account.
Mercurial was one of many wikis compromised in July/August of last year
although the attack wasn't spotted or disclosed until late December.
Debian has a summary of the attack here:
http://wiki.debian.org/DebianWiki/SecurityIncident2012
Like Debian, we have found no evidence that the attackers did anything
beyond attacking the wiki. In particular, our repository and release
tarballs are intact.
Moin passwords are stored in salted SHA1 format, not in plaintext, but
modern password attacks will still render most passwords vulnerable.
--
Mathematics is the supreme nostalgia of our time.
More information about the Mercurial
mailing list