It seems that the Perl Monks database has been compromised through some kind of security hole on the server that hosts it. That would, of course, be bad enough. But it seems that the user passwords in that database were stored in plain text. So whoever got the database, got access to the passwords of every user. Some of those passwords (those belonging to the saints and the janitors) have been shared publically. And changing your password might not help as the original vulnerability hasn’t been plugged yet so the same people could grab any password that you change it to.
More details will probably appear on Perl Monks once they’ve worked out what they are going to say. But there is some discussion starting up here.
I’m astonished that I still have to repeat this, but please take this advice:
- If you’re running a site, do not store passwords in plain text
- If you’re using a site, do not use the same password as you use on other sites