We recently experienced a directed attack on SourceForge infrastructure (http://sourceforge.net/blog/sourceforge-net-attack/) and so we are resetting all passwords in the sf.net database — just in case.
Our investigation uncovered evidence of password sniffing attempts. We have no evidence to suggest that the sniffing attempt was completed successfully. But, what we definitely don’t want is to find out in 2 months that passwords were compromised and we didn’t take action.
So, we’ve invalidated all sourceforge.net account passwords, and to access the site again, everyone will need to go through the email recovery process and choose a shiny new password.