Password Resets: Yes, They’re Legit
If you got a password reset message from the Codex and are wondering if it’s a real thing: yes, it’s a real thing. Please reset your password.
This is just a precautionary measure; when we were copying the database during the host migration process last night, the SQL dump was (for a short time) placed in a public-facing directory. If someone knew the filename (which, granted, is unlikely in the extreme), there was a short window during which they could have downloaded the database in its (compressed) entirety.
Thus, just to be sure, I’ve reset all user passwords, and have also reset WordPress’ security salts (which means that if you had a session open, you’ll find that it was logged out rather unceremoniously).
Forthcoming and honest notification. Well played.
I try to be open about security stuff. Comes with the day job.