

MusicBrainz Password Leak - jameswyse
http://pastebin.com/xsvWuPmq

======
jameswyse
OP links to a copy of the email I received this morning.

Yet another company with a far too relaxed approach to security. What bothers
me though is that they discovered this 2 weeks ago and I'm only hearing about
it now.

The blog post they link to is dated April 5th:
<http://blog.musicbrainz.org/?p=1844>

~~~
codygman
LOL... mandatory=1 in the url? What happens if you set it to 0?

~~~
jameswyse
haha who knows..

Their site in general is pretty dumb. I logged in and deleted my account but
it didn't log me out, it just changed my name to 'Deleted Editor #XXXXXX' - I
can still edit all the account details.

~~~
ocharles
Hi, we do have a public bug tracker and you could have reported this. I've
filed a ticket at <http://tickets.musicbrainz.org/browse/MBS-6166>.

------
MasterScrat
Is there a service where I could indicate which websites I'm using, and that
would warn immediately me if one of them is compromised?

I'd rather have a single, reliable source of information for this. Also I'd
like to see the history of each service before I sign up.

------
bredren
I used to use MusicBrainz to sort out mp3 tags, it was pretty awesome back in
the day. I don't really have that problem anymore.

------
Cyphase
Mine has a date! <http://pastebin.com/dzRqSgGj>

