The user table in the wikidatawiki_p database leaks private information. Everything is visible! Most important:
- user_password - Do I need to say more?
- user_email - email should be restricted, not public info.
- user_touched - last time user visited the site
- user_token - cookie token, can be used to take over a session
Checked some other random db's and these seem ok.
I asked Coren to take down the database server.