Resets All User Passwords in Wake of a Sniffing Attempt

Attacks on passwords, security and privacy are becoming bolder and stronger. Recently, had warned its users of a possible attack on their passwords with a blog post.


Although, the blog is down now as they are carrying out database maintenance, we can still show you the email via Sathyajit that says,


We recently experienced a directed attack on SourceForge infrastructure
( and so we are
resetting all passwords in the database — just in case. We’re
e-mailing all registered account holders to let you know about this
change to your account.

Our investigation uncovered evidence of password sniffing attempts. We have
no evidence to suggest that your password has been compromised. But, what
we definitely don’t want is to find out in 2 months that passwords were
compromised and we didn’t take action.

So, as a proactive measure we’ve invalidated your account
password. To access the site again, you’ll need to go through the email
recovery process and choose a shiny new password:

If you need help with this, feel free to e-mail us:

[email protected]

We appreciate your patience with us as we work to respond to this attack.
We’ll be working through the weekend to get things back to normal as
quickly as possible.

Watch for updates on the service outages on our blog:

Thank you,

The SourceForge Team

Given the last fiasco at Gawker media and Mozilla, we sure have to wake up and stop using MD5.

As a failsafe method, we should reset our passwords at major websites like Google and other developer networks regularly. This can work well towards keeping you safe. You can check the Sourceforge blog for details once the page is back up.

Published by

Chinmoy Kanjilal

Chinmoy Kanjilal is a FOSS enthusiast and evangelist. He is passionate about Android. Security exploits turn him on and he loves to tinker with computer networks. You can connect with him on Twitter @ckandroid.