lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Grant Ingersoll <>
Subject Re: compromised: please update your passwords
Date Tue, 13 Apr 2010 23:49:33 GMT
FYI, this is for real.  Some have asked me if it is made up.  I don't know who owns that user,
so we should ask on infra, I suspect.  Also, this applies to all  user accounts too on JIRA.

On Apr 13, 2010, at 12:25 PM, wrote:

> Dear Lucene Developers,
> You are receiving this email because you have a login, '',
on the Apache JIRA installation,
> On April 6 the server was hacked. The attackers were able to install
a trojan JIRA login screen and later get full root access:
> We are assuming that the attackers have a copy of the JIRA database, which includes a
hash (SHA-512 unsalted) of the password
> you set when signing up as '' to JIRA. If the password you
set was not of great quality (eg. based on a dictionary word), it
> should be assumed that the attackers can guess your password from the password hash via
brute force.
> The upshot is that someone malicious may know both your email address and a password
of yours.
> This is a problem because many people reuse passwords across online services. If you
reuse passwords across systems, we urge you to change
> your passwords on ALL SYSTEMS that might be using the compromised JIRA password. Prime
examples might be gmail or hotmail accounts, online
> banking sites, or sites known to be related to your email's domain,
> Naturally we would also like you to reset your JIRA password. That can be done at:
> We (the Apache JIRA administrators) sincerely apologize for this security breach. If
you have any questions, please let us know by email.
> We are also available on the #asfinfra IRC channel on
> Regards,
> The Apache Infrastructure Team
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message