[support] Drupal.org's website down?

[John Summerfield]

On 30/05/13 07:05, Roger wrote:
> Dear community member,
>
> We respect the privacy of your information, which is why, as a precautionary measure, we are writing to let you know about an incident that involves your personal information. The Drupal.org Security and Infrastructure Teams have discovered unauthorized access to account information on Drupal.org and groups.drupal.org. Information exposed includes usernames, email addresses, and country information, as well as hashed passwords. However, we are still investigating the incident and may learn about other types of information compromised, in which case we will notify you accordingly.
>
> This unauthorized access was made via third-party software installed on the Drupal.org server infrastructure, and was not the result of a vulnerability within the Drupal software itself. This notice applies specifically to user account data stored on Drupal.org and groups.drupal.org, and not to sites running Drupal generally.
>
> We have implemented additional security measures designed to prevent the recurrence of such an attack, and to protect the privacy of our community members.
>
> The next time you attempt to log into your account, you will be required to create a new password.
>


I too got that message. Since I get so many similar messages regarding 
paypal, ebay and assorted banks with whom I have no account, I ignore it.

Until I could not login. Fortunately, ignoring it also meant I didn't 
delete it.

On reviewing its headers I determined it most probably was genuine, and 
responded to an address where I hoped the email might be read.

I've not had any response, but my email made the point that my response, 
that is disregarding it, is a most probable reaction to apparent spam, 
and that it would be really good to produce the message when a login fails.