EuroPython 2018: Please reset your password

[M.-A. Lemburg]

Regular password resets are always a good thing to do, but this time
we have a specific reason to ask you to consider taking the extra
time.

In December 2017, our ISP detected port scans originating from our
server and informed us about these. During the analysis, we found that
someone (or better: some script) had found a way to break-in to our
web server running the EuroPython website. We quickly fixed the
situation, reset all authorizations and put measures in place to
strictly limit the number of people having access to the server to a
minimum and better secure the server against future break-in attempts.

The server was only used as SSH port scanning relay and we found no
evidence of loss or leakage of data. We don’t believe that any of your
personal information got into the wrong hands, but even though the
passwords are stored using secure and salted hashes (using PBKDF2), we
still recommend to reset your password to be on the safe side.

We know that this notice is late and we’d like to apologize for the
hassle caused by this.

If you have just created a new account on the
https://ep2018.europython.eu/ website we just launched, no further
action is necessary.

We only recommend the password reset if you have had an account with
us in previous years and this account is active on the new
https://ep2018.europython.eu/ website. Logins on the older versions of
our website are disabled for regular users, so no action is necessary
on these.

Please see our blog post for instructions on how to reset your password:

https://blog.europython.eu/post/173793513217/europython-2018-please-reset-your-password


Enjoy,
--
EuroPython 2018 Team
https://ep2018.europython.eu/
https://www.europython-society.org/


PS: Please forward or retweet to help us reach all interested parties:
https://twitter.com/europython/status/994879080263831552
Thanks.