[TYPO3-english] TYPO3.ORG hacked

ries van Twisk typo3 at rvt.dds.nl
Fri Nov 14 14:54:27 CET 2008 

Luc,

from what understand from the mail "including their passwords",
it shows that the passwords where stored as plain text and thus the  
hacker
should have all our usernames and passwords.

Ries


On Nov 14, 2008, at 8:45 AM, Luc Muller wrote:

> My question is : Are the FE password md5 hashed or something on  
> TYPO3.org
>
> This is the mail I got :
>
> -------------------------------------------------------
>
> This is an important security warning. You are receiving it because  
> your
> email address is registered on the TYPO3.org website.
>
>
>
> We have to inform you that an unauthorized person has gained
> administrative access to the TYPO3.org website.
>
>
>
> The offender had access to website user details including their
> passwords, and there have been reports of this data being used to  
> access
> other websites.
>
> It also has to be expected that the data may have been disclosed to
> third parties.
>
>
>
> The attacker has been identified, and the TYPO3 Association has  
> started
> to take legal action on the issue.
>
>
>
> Important!
>
> IF YOU HAVE USED THE SAME PASSWORD ON ANY OTHER SITE, PLEASE CHANGE IT
> IMMEDIATELY!
>
>
>
> In a first step, all login accounts on TYPO3.org have been locked and
> will require a new password. We are currently working on an improved
> login procedure and will let you know when this is ready. Until then,
> you will not be able to log into the Community section of TYPO3.org.
>
>
>
> We have set up an FAQ page at http://typo3.org/about/faq/t3org-issue/
>
> The page may be updated with new questions from time to time, so make
> sure to check back before replying to this mail.
>
>
>
> We apologize for the inconveniences and troubles that this might cause
> to you.
>
>
>
> TYPO3 Association
>
> -------------------------------------------------------
>
>
> -- 
>
> *Luc Muller*
> /Web Developper/
> /Formidable - Rapid Application Developpement Framework for Typo3
> <http://formidable.typo3.ug>/
> /Typo3 Ameos <http://www.ameos.com>/
> _______________________________________________
> TYPO3-english mailing list
> TYPO3-english at lists.netfielders.de
> http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english



			regards, Ries van Twisk


-------------------------------------------------------------------------------------------------
Ries van Twisk
tags: Freelance TYPO3 Glassfish JasperReports JasperETL Flex Blaze-DS  
WebORB PostgreSQL DB-Architect
email: ries at vantwisk.nl
web:   http://www.rvantwisk.nl/
skype: callto://r.vantwisk

More information about the TYPO3-english mailing list