Please read: Mercurial wiki passwords probably compromised
Matt Mackall
mpm at selenic.com
Wed Jan 9 18:56:16 UTC 2013
On Wed, 2013-01-09 at 01:16 -0500, Eric Siegerman wrote:
> On 01/08/2013 07:44 PM, Matt Mackall wrote:
> > Mercurial was one of many wikis compromised in July/August of last year
> > although the attack wasn't spotted or disclosed until late December.
>
> Are bug-tracker passwords compromised as well? (For those like me who
> have accounts on that but not (to my knowledge) on the wiki.)
If they're the same as passwords on the wiki: yes.
Otherwise, we have no evidence that anything else was targeted. Judging
by Debian's report, I suspect this is another in a string of related
cases of large-scale industrial espionage where Mercurial and Debian are
not interesting targets.
--
Mathematics is the supreme nostalgia of our time.
More information about the Mercurial
mailing list