On Thu, Oct 3, 2013 at 1:06 PM, Risker <risker.wp(a)gmail.com> wrote:
Please note that it is especially important to change
your passwords on the
Wikimania wikis where you have accounts. These are non-SUL wikis and
changing your SUL password will not effect a change on the Wikimania 2013
and 2014 wikis. Even if you never intend to edit those wikis again, your
password and account could still hypothetically be compromised.
I agree with others that the risk is very, very small; nonetheless, it is
not non-existent.
Risker/Anne
It sounds like they've already scrambled the passwords as part of
requiring the password reset procedure. Even if they haven't, Erik's
description of precautionary measures should mean that access to your
Wikimania (etc) accounts is disabled prior to a password reset using
your e-mail, so there's no real risk that someone will get into your
account (unless they can also get into your e-mail).
But normally notices of compromised passwords include standard
language suggesting that users change their passwords for any other
login where they've used similar information, in case the combination
of name and password is sold or someone attempts to use their
knowledge of you to access your information on other sites. Perhaps
that is part of the e-mail notification the WMF sent; if not, it's
good practice.
~Nathan