Phishing attempts for WordPress.org credentials
Recently there was a “phishing” email sent to several plugin authors designed to steal their login credentials. If you receive or have received any emails claiming to be from the plugin repository, please make sure to double check them. Emails regarding the repository are always sent from a wordpress.org email address. If in doubt please reply to the email asking for confirmation.
Please always check the URL you are logging into, for any site. Be sure you are logging into “wordpress.org”, not “wordpress.some-evil-domain.info”.
Here’s what many plugin authors have reported receiving:
Example phishing email. That link doesn't go to wordpress.org, though! (And we don't have a my-plugins-status page.)
If you have received a suspicious email and followed any links, please visit the real WordPress.org and change your password. If not, as a plugin author it’s a good idea to change your password regularly.
Lee, 
Lee 6:40 am on March 27, 2012 Permalink
Last time plugin author accounts got compromised didn’t the repo start emailing authors on every commit? I just did some commits right now, but didn’t get any emails – has that broken/been turned off?
[As an addendum, I didn't get an email to say that my latest repo had been approved either - so maybe I've stuffed up a setting somewhere?]
Andrew Nacin 6:43 am on March 27, 2012 Permalink
I got an email for your commit [524175] (I receive all of them) so I would check your spam.
Lee 2:09 pm on March 27, 2012 Permalink
Nope, nothing, nil, nada I’m afraid.
Alex Mills 4:46 am on March 28, 2012 Permalink
I can confirm they’re working for the average Joe. I get e-mails for all my commits.
Lee 6:30 am on March 28, 2012 Permalink
Hi Alex, thanks for confirming they’re working for you – must be something wonky with my personal setup – I’ll do a bit more digging. [Apologises to Andrew in advance for dummy commit messages!]
Charles 12:49 pm on March 28, 2012 Permalink
I’m sorry for my account was hacked this time. I use iPhone check my email these days and Safari on iPhone has a too short address bar and I over looked the domain name. I noticed that you’ve fixed my plugin and prevented it from bothering more users. Thank you very much.
Could you tell me something about how can I get back my account? Any help will be appreciated.