January 2014 Archives

blogs.perl.org security breach

We regret to announce that blogs.perl.org was recently the subject of a data breach.

An attacker gained access to the database that runs the site, and was able to take a copy of all users’ hashed passwords. We’ve therefore cleared all users’ passwords as a precaution.

If you have an account on the site, you should have received an email telling you how to reset your password. If you haven’t received it soon, please let us know.

Even though the passwords were stored in a hashed form, rather than as plaintext, the blogging software we use (Movable Type) uses a relatively weak hashing algorithm, so the attacker may be able to determine your old password.

It is therefore very important that, if you used the same password on any system other than blogs.perl.org, you change the password you use there, too.

We apologise sincerely for the inconvenience this has caused our users, and for failing to live up to the trust that the Perl community has placed in us.

About Aristotle

user-pic Waxing philosophical