Please read: Mercurial wiki passwords probably compromised

Matt Mackall mpm at
Tue Jan 8 18:44:42 CST 2013

If you used the same password on the Mercurial wiki as any other site,
you should change those passwords immediately.

All the passwords on the Mercurial wiki have been disabled. You'll need 
to use the 'forgot your password?' link to re-enable your account.

Mercurial was one of many wikis compromised in July/August of last year
although the attack wasn't spotted or disclosed until late December.  
Debian has a summary of the attack here:

Like Debian, we have found no evidence that the attackers did anything
beyond attacking the wiki. In particular, our repository and release
tarballs are intact.

Moin passwords are stored in salted SHA1 format, not in plaintext, but
modern password attacks will still render most passwords vulnerable.

Mathematics is the supreme nostalgia of our time.

More information about the Mercurial-devel mailing list