Wednesday, July 29, 2009

PerlMonks compromised, some PAUSE accounts potentially at risk

If you're a CPAN author with a PAUSE account (or just a PerlMonks user) you may be interested in the below. (And you should already have received it as an email.) The same perpetrators have been getting press for also hacking Dan Kaminksy and Kevin Mitnick. Details on PerlMonks here and here.

Dear CPAN author,

This email is being sent to inform you that all passwords on the popular Perl Monks website were compromised. Many CPAN authors have accounts there and in some cases have used the same password for PAUSE. 

If you have any reason to suspect that your PAUSE account password is no longer secure, please visit and change it.


If your PAUSE account is not affected, please disregard this message and
accept apologies for the unsolicited email.



PAUSE Administrators


  1. Hmm, I have both accounts with different password :) but I didn't get any email so far...

  2. Can you take passwords from Perl Monks and check against PAUSE passwords with bruteforce (should not take that much time) and disable/reset the ones that match? There can be authors that had both accounts with the same password and are already retired so they will never change them them selfs...