Nothing Here Posted April 17, 2013 Share Posted April 17, 2013 I am a member and I got a strange email from them today. Was wondering if anyone else got the "Mandatory" password chane email? I haven't clicked the link in it, but if it's real, I will go directly to the site and change it. Here is the email, slightly altered to remove my username: Dear XXXXXXX, On March 29th 2013 we discovered that one of the MusicBrainz database dumps contained password hashes for a large portion of MusicBrainz accounts. While we don't believe that these password hashes are either useful or widely distributed, we are requiring all users change their passwords. The database dumps that contain this data were promptly deleted, and have been replaced with correctly sanitized database dumps. Unfortunately logs from this server do show that this database dump was downloaded, and as we have no real indication of where this data now is, we're treating this seriously. We have adjusted our database dumping scripts to be very specific about exactly which data they should export, so that in the future we will not leak private data by making the same mistake again. We're extremely sorry about this mistake, and while we don't believe this data should allow attackers to retrieve user passwords, we can't be 100% certain. As such, we require that all users change their password as soon as possible. The next time you login to the website, you will be requested to change your password. Alternatively, you can go to the following link: https://musicbrainz....ory=1&username= Users should also note that access to authenticated web service calls, for example to manage tags and ratings via Picard, are also blocked until passwords are changed. If you are finding that software that uses MusicBrainz is not behaving as youd expect, please check that you can login via the website. For more details, please see the blog post: http://blog.musicbrainz.org/?p=1844 We're extremely sorry this happened, and thank you for your co-operation. - The MusicBrainz Team Link to comment Share on other sites More sharing options...
Nick H. Supervisor Posted April 17, 2013 Supervisor Share Posted April 17, 2013 If you like and trust the site, then play it safe and change the password anyway (going directly to the site rather than using the link in the email, as you correctly pointed out). Link to comment Share on other sites More sharing options...
Nothing Here Posted April 17, 2013 Author Share Posted April 17, 2013 Ok, upon going directly there, I put my pass in and it then it wanted me to put in my old pass then a new one. So I guess it's legit. Link to comment Share on other sites More sharing options...
Recommended Posts