Hello everyone, some of you will have the following email in your inbox:
Your password on WordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ has been deactivated, and you need to reset it to log in again.
We recently discovered your login credentials in a list of compromised emails and passwords published by a group of security researchers. This list was not generated as the result of any exploit on WordPress.org, but rather someone gaining access to the email & password combination you also used on another service.
To reset your password and get access to your account, please follow these steps:
1. Go to login.wordpress.org
2. Click on the link “Lost your password?”
3. Enter your WordPress.org username:
4. Click the “Get New Password” button
It is very important that your password be unique. Using the same password on different web sites increases the risk of your account being hacked.
If you have any further questions or trouble resetting your password, please reply to this message to get help from our support team. We will never ask you to supply your account password via email.
At this point we don’t have a reason to believe any accounts have been compromised, but out of an abundance of caution passwords are proactively disabled just to make sure.
If you have any questions don’t hesitate to post them in the comments.
[EDIT]: Updated the list typo to now go in order.
[EDIT]: Comments are closed. Reply to the email folks.