Yesterday I received an E-mail from Wine, stating that their database had been hacked.
The E-mail:
We are sorry to report that recently our login database for the WineHQ Application Database was compromised. We know that the entire contents of the login database was stolen by hackers. The password was encrypted, but with enough effort and depending on the quality of your old password, it could be cracked. We have closed the hole in our system that allowed read access to our database tables. To prevent further damage we have reset your password to what is shown below. We strongly suggest that if you shared your AppDB password on any other sites that you change that password as soon as possible.
There isn’t too much info available on how they got hacked. From what I can gather from their post and Email is that the hack somehow got into their PHPMyAdmin install and had full database access.
What we know at this point that someone was able to obtain unauthorized access to the phpmyadmin utility. We do not exactly how they obtained access; it was either by compromising an admins credentials, or by exploiting an unpatched vulnerability in phpmyadmin. [full post]
So if you have or have had an account on http://www.winehq.org you might want to change your password. They have already reset all passwords in their database (new password to be found in that E-mail). However, if you use the same E-mail and password combination elsewhere: Change it!
One thing I like about the way they handled it is they informed the people about it. A lot of times companies will keep a hack secret because of bad publicity, or loss of face or… But at wine they immediately took action. They closed the hole, regenerated all passwords and informed all users.
I am very sad to have to report this. We have so many challenges in our world today that this is a particularly painful form of salt for our wounds. However, I think it is urgent for everyone to know what happened.
So as far as the crisis management at WineHQ: good job. And I don’t think you can completely stop hackers, they will always find a way.