Please read: Mercurial wiki passwords probably compromised

Matt Mackall mpm at selenic.com
Wed Jan 9 18:56:16 UTC 2013


On Wed, 2013-01-09 at 01:16 -0500, Eric Siegerman wrote:
> On 01/08/2013 07:44 PM, Matt Mackall wrote:
> > Mercurial was one of many wikis compromised in July/August of last year
> > although the attack wasn't spotted or disclosed until late December.
> 
> Are bug-tracker passwords compromised as well?  (For those like me who 
> have accounts on that but not (to my knowledge) on the wiki.)

If they're the same as passwords on the wiki: yes.

Otherwise, we have no evidence that anything else was targeted. Judging
by Debian's report, I suspect this is another in a string of related
cases of large-scale industrial espionage where Mercurial and Debian are
not interesting targets.

-- 
Mathematics is the supreme nostalgia of our time.





More information about the Mercurial mailing list