Wikimedia Foundation's response to recently compromised staff and community wiki accounts

16 November 2016 by Darian Anthony Patrick

Photo by PereslavlFoto, CC BY-SA 3.0.

Beginning on Friday, November 11, 2016, wiki accounts belonging to Wikimedia Foundation staff and community members were temporarily compromised. This incident is under investigation, and we will make more information available as we are able to do so. As part of our commitment to be transparent with our users, we are providing an overview of the incident, and sharing information about our response.
What happened?
On Friday, November 11, a number of Wikimedia Foundation staff and Wikimedia community accounts were temporarily accessed by an unidentified and unauthorized third party. This unknown person or persons made several edits to Wikimedia sites (en.wikipedia.org, wikimediafoundation.org, and mediawiki.org) while in control of these accounts. The attacker has continued attempting to access other accounts over the past several days, with the latest efforts taking place today, Wednesday, November 16.
What is being done?
Since the attack began, volunteer community members and Foundation staff have worked diligently to lock the compromised accounts and restore them to their owners, and to revert the edits made by the attackers. As this activity continues, we are actively monitoring the projects to secure compromised accounts, and revert malicious edits. We have enabled two-factor authentication for all Wikimedia Foundation staff and project administrators. We are working on enabling this feature for all accounts as soon as possible.
Additionally, we encourage everyone to change their passwords as a standard precautionary measure, and to ensure that they are using good password hygiene. This means:

  • Using strong passwords, containing at least 8 characters and including letters, numbers, and symbols.
  • Using unique passwords for your wiki accounts, and not reusing them for any other website or any other purpose. This means not reusing them across Wikimedia services (for instance, using the same password on your Gerrit account that you use to access the projects).
  • Changing passwords periodically.
  • If you are an administrator and have not enabled two-factor authentication on your account, please do so right away.
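
The three checks a service can automate from the list above (minimum length and character classes, no reuse across linked accounts, and periodic rotation), as an added illustration that is not Wikimedia Foundation code. It assumes a password store that keeps a per-service salt and a PBKDF2 digest, so a candidate password can be re-derived with each linked service's salt and compared without ever storing plaintext; the 180-day rotation interval and the sample Gerrit record are constructed for the example.

```python
"""Password-hygiene checks matching the guidance above.
Added example (not WMF code); store layout and rotation interval are assumptions."""
from __future__ import annotations

import hashlib
import hmac
import os
import string
from datetime import datetime, timedelta

SYMBOLS = set(string.punctuation)
MAX_PASSWORD_AGE = timedelta(days=180)   # assumed rotation interval, not a stated WMF policy
PBKDF2_ROUNDS = 200_000


def policy_violations(password: str) -> list[str]:
    """Return the rules a candidate password fails (empty list means it passes)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no digits")
    if not any(c in SYMBOLS for c in password):
        problems.append("no symbols")
    return problems


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest). Only these are stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def reused_on(password: str, linked_accounts: dict[str, tuple[bytes, bytes]]) -> list[str]:
    """Names of linked services whose stored hash the candidate reproduces.

    Each service has its own salt, so the candidate is re-derived per service
    and compared in constant time; plaintext of the other accounts is never needed.
    """
    matches = []
    for service, (salt, stored) in linked_accounts.items():
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, stored):
            matches.append(service)
    return matches


def rotation_due(last_changed: datetime, now: datetime) -> bool:
    """True once the password is older than the assumed rotation interval."""
    return now - last_changed > MAX_PASSWORD_AGE


def check_password(password: str, linked_accounts: dict[str, tuple[bytes, bytes]],
                   last_changed: datetime, now: datetime) -> list[str]:
    """Combine all three checks into one list of findings for a change-password form."""
    findings = policy_violations(password)
    findings += [f"already used on {svc}" for svc in reused_on(password, linked_accounts)]
    if rotation_due(last_changed, now):
        findings.append("current password older than rotation interval")
    return findings


if __name__ == "__main__":
    # Constructed sample: the user's Gerrit account already uses this password.
    linked = {"gerrit": hash_password("Sp1ral!Staircase")}
    print(check_password("Sp1ral!Staircase", linked,
                         datetime(2016, 1, 1), datetime(2016, 11, 16)))
```

The reuse check only works where the service holds the other accounts' salted digests; where the linked service uses a different hashing scheme, the same re-derivation has to be done with that scheme, which is why a single shared identity store makes this check far cheaper than per-service lookups.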

We recommend that everyone take a moment to consider their password practices. Strong, unique passwords will help us to protect the projects from attacks like this.
Our investigation into this incident is still ongoing, and we will make more information available as we are able to do so. We can now reassure donors who may be concerned.
“This incident did not affect fundraising operations,” said Lisa Gruwell, Chief Advancement Officer of the Wikimedia Foundation.
Donor and payment information is kept in a separate database and uses separate and dedicated server infrastructure with additional security. Donor and payment information was not involved in this incident.
The Wikimedia Foundation takes the privacy and security of users and staff very seriously. We will continue to monitor the projects and stop these attacks, and will be implementing additional security measures to prevent another similar incident.
Darian Anthony Patrick, Security Manager*
Wikimedia Foundation

*We would like to thank the volunteer admins and WMF teams, including Ops, Support and Safety, Editing, Labs, Reading, Release Engineering, Legal, and Communications, that have worked diligently to investigate and respond to this incident.

This post has been updated with information from the Wikimedia Foundation’s fundraising team.

Archive notice: This is an archived post from blog.wikimedia.org, which operated under different editorial and content guidelines than Diff.

8 Comments

Wikipedia is being attacked in a series and introduces two-factor authentication – Avada Classic
6 years ago

[…] It is currently unclear whether the data was used only to visibly vandalize Wikipedia pages, or also to siphon off internal data or redirect download links. The Wikimedia Foundation promises to inform Wikipedia authors soon about the progress of its investigation. […]
Tim1965
6 years ago

When Wiki began requiring contributors to have a single password for both their Wikipedia and WikiCommons accounts, I resisted. “What happens if Wikipedia gets hacked? The hacker will have access to both my accounts, and do twice as much damage.” No one paid attention.

revi
6 years ago

IMO the benefit of the SUL (unified login across 700 wikis) outweighs the risk (one compromise, everywhere).

C D
6 years ago

Does this mean contributors to wikimedia have insecure account information now? Are our payment methods compromised?

maworld
6 years ago

I gave a contribution last year. On November 16, 2016, I received an email asking for another donation, that it’s been a year. I’m glad I checked this website first. It looks like I’ll have to hold off. Thanks!

Ed Erhart (@ederhart)
Author
6 years ago

Hi C D and Maworld, I’m a Foundation staffer and work on the blog. Thank you for your comments. Donor and payment information was not involved in this incident or accessed by the attackers. We have updated the blog post with more information from our fundraising team.

John K. Schmitz
6 years ago

I recommend using a password manager like 1Password, KeePass, etc.
Do you hear me Jimmy Wales?

Ed
6 years ago

Why are your headquarters listed as being in California while donations are being sent to Washington, DC?
Thank you
