Unidata community members:
The Unidata apache web server account was exploited through a vulnerability in a cgi-bin script on February 20, 2014. A fair bit of community user information was accessed, including website account email addresses and their associated passwords in encrypted hash form. We need to assume the hacker(s) are in the process of combing through this information and will be attempting to crack and use passwords found.
If you use a common password for multiple accounts including Unidata's web site, we STRONGLY recommend that you change your password for those other accounts immediately.
Please note: we will be enforcing a reset of Unidata website account passwords and password reminders. Our web site's login page will walk you through the procedure to reset these values.
In addition, we recommend disabling/removing the 'datasets.cgi' script should you be running it on your server.
We profusely apologize for this security breach and stand ready to help you in any way that we can.
Please send any questions/comments to Unidata User Support <support@unidata.ucar.edu>
This is a serious situation; please take appropriate action immediately.
