http://qs1969.pair.com?node_id=784810


in reply to Status of Recent User Information Leak

I wanted to take a quick moment to offer thanks and public praise to jdporter who has done a great deal of work in response to this incident. I believe jdporter is the person who has done the most among those who do not have access to do much of the required work. (Though, I apologize if I missed substantial work done by others, as I surely have since I haven't had time to even read much of the discussions that have been spawned.)

jdporter went to great lengths to contact as many PerlMonks as he could and reached out to me via quite a few routes, some surely requiring some research. Unfortunately, the timing was such that I didn't notice his attempts until after I caught the tail end of some aftermath to OverlordQ speaking as vroom and as me in the chatterbox. Also thanks to bobf for being the first to successfully communicate the situation to me in a manner that I was able to clearly understand.

Thanks to many others who have expressed their support and to many more who have simply demonstrated patience, calm, and/or clear-headedness in the face of this crisis.

Finally, I would like to apologize, again. In particular, for my part in not re-implementing enough of the password system at PerlMonks. There are quite a lot of improvements that I've long wanted to get to related to passwords at PerlMonks. Hashed passwords was certainly one of them. Quite a few of the published passwords (and tons of others) would have surely been quickly found even if they had been hashed due to well-established dictionary attacks. But the plain text password storage was a stated motivation of the attack.

- tye