We recently experienced a directed attack on SourceForge infrastructure (http://sourceforge.net/blog/sourceforge-net-attack/) and so we are resetting all passwords in the sf.net database — just in case.
Our investigation uncovered evidence of password sniffing attempts. We have no evidence to suggest that the sniffing attempt was completed successfully. Â But, what we definitely don’t want is to find out in 2 months that passwords were compromised and we didn’t take action.
So, we’ve invalidated all sourceforge.net account passwords, and to access the site again, everyone will need to go through the email recovery process and choose a shiny new password:
We have received a lot of support and sympathy Â from our community, and I know our ops team is immensely grateful for all of it. Â Thanks again for your Â patience with us as we work to respond to this attack. Â We’ll be working through the weekend to get things back to normal as quickly as possible.