Yeah, I've already gotten my mail... great... :(

*~Orsolya*


2013/10/3 Katie Chan <[email protected]>

> FYI, especially since wikimania2013 & wikimania2014 are two of the
> affected wikis.
>
> ---------- Forwarded message ----------
> From: Erik Moeller <[email protected]>
> Date: 3 October 2013 06:56
> Subject: [Wikimedia-l] Notification about Wikimedia user account security
> issue
> To: Wikimedia Mailing List <[email protected]>
>
>
> See also:
> https://meta.wikimedia.org/wiki/October_2013_private_data_security_issue
>
> On October 1, 2013, we learned about an implementation error that made
> private user information (specifically, user email addresses, password
> hashes, session tokens, and last login timestamp) for approximately
> 37,000 Wikimedia project users accessible to volunteers with access to
> the Wikimedia "LabsDB" infrastructure.
>
> LabsDB, launched in May 2013, is designed to give volunteers the
> ability to write tools and generate reports that make use of data from
> our databases in real-time. This supports bottom-up innovation by the
> Wikimedia community. As part of this process, private data is
> automatically redacted before volunteers are given access to the data.
> Unfortunately, for some of Wikimedia’s wikis[1], the database triggers
> used to redact private data failed to take effect due to a schema
> incompatibility, and LabsDB users had access to private user data for
> some user accounts in these specific wiki databases. As of October 1,
> 228 users have access to LabsDB, and the window of availability of
> this data was May 29, 2013 to October 1, 2013.
>
> This issue was discovered and reported by a trusted volunteer, and
> access to the data in question was revoked within 15 minutes of the
> report. We have no evidence to suggest that the private data in
> question was exported in bulk or used for malicious purposes, but we
> cannot definitively exclude the possibility. As a precautionary
> measure, we have invalidated all affected user sessions, and are
> requiring affected users to change their password on their next login.
>
> We have also sent an email notification to affected users with a
> confirmed email address.
>
> We regret this mistake. LabsDB is still a new part of our
> infrastructure, and we will fully audit the redaction process, so as
> to minimize any risk of a future mistake of this nature.
>
> Sincerely,
> Erik Moeller
> Vice President of Engineering & Product Development
>
> Contact information
>
> Should you have any questions, please contact us via email to:
>
> [email protected]
>
> You can also reach the Wikimedia Foundation at:
>
> Wikimedia Foundation, Inc.
> 149 New Montgomery Street
> Floor 6
> San Francisco, CA 94105
> United States
> Phone: +1-415-839-6885
> Fax: +1-415-882-0495
>
> [1] List of affected databases: aswikisource bewikisource dewikivoyage
> elwikivoyage enwikivoyage eswikivoyage frwikivoyage guwikisource
> hewikivoyage itwikivoyage kowikiversity lezwiki loginwiki minwiki
> nlwikivoyage plwikivoyage ptwikivoyage rowikivoyage ruwikivoyage
> sawikiquote slwikiversity svwikivoyage testwikidatawiki tyvwiki
> ukwikivoyage vecwiktionary votewiki wikidatawiki wikimania2013wiki
> wikimania2014wiki
>
>
> --
> Erik Möller
> VP of Engineering and Product Development, Wikimedia Foundation
>
> _______________________________________________
> Wikimedia-l mailing list
> [email protected]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[email protected]?subject=unsubscribe>
>
>
>
> --
> Katie Chan
> Volunteer Support Organiser
> Wikimedia UK
> +44 (0) 20 7065 0990
> +44 (0) 7885 980 534
>
> Wikimedia UK is a Charitable Company registered in England and Wales.
> Registered Company No. 6741827. Registered Charity No.1144513.
> Registered Office: 4th Floor, Development House, 56-64 Leonard Street,
> London EC2A 4LT. United Kingdom.
> Wikimedia UK is the UK chapter of a global Wikimedia movement. The
> Wikimedia projects are run by the Wikimedia Foundation (who operate
> Wikipedia, amongst other projects).
>
> Wikimedia UK is an independent non-profit charity with no legal control
> over Wikipedia nor responsibility for its contents.
>
>
> _______________________________________________
> Wikimania-l mailing list
> [email protected]
> https://lists.wikimedia.org/mailman/listinfo/wikimania-l
>
>