

WineHQ Bugzilla Login database compromise - outworlder
http://www.winehq.org/pipermail/wine-users/2011-October/097753.html

======
morsch
Bah, that sucks. The "encrypted" passwords (ie. the hashes, I presume) are
gone. They don't say what kind of hash is used in (their install of) bugzilla.

On the bright side, they remove accounts after seven months of no activity
(with a warning with plenty of time). At least that's what apparently happened
with my account. If everybody did that, lots of database compromises wouldn't
have been quite so bad.

~~~
nitrogen
Presumably if one does not receive a password reset e-mail, that means one's
account was previously deleted, and thus not compromised?

