On Thu, Oct 3, 2013 at 1:06 PM, Risker risker.wp@gmail.com wrote:
Please note that it is especially important to change your passwords on the Wikimania wikis where you have accounts. These are non-SUL wikis and changing your SUL password will not effect a change on the Wikimania 2013 and 2014 wikis. Even if you never intend to edit those wikis again, your password and account could still hypothetically be compromised.
I agree with others that the risk is very, very small; nonetheless, it is not non-existent.
Risker/Anne
It sounds like they've already scrambled the passwords as part of requiring the password reset procedure. Even if they haven't, Erik's description of precautionary measures should mean that access to your Wikimania (etc) accounts is disabled prior to a password reset using your e-mail, so there's no real risk that someone will get into your account (unless they can also get into your e-mail).
But normally notices of compromised passwords include standard language suggesting that users change their passwords for any other login where they've used similar information, in case the combination of name and password is sold or someone attempts to use their knowledge of you to access your information on other sites. Perhaps that is part of the e-mail notification the WMF sent; if not, it's good practice.
~Nathan