While I am upset about this news, the security breach could have been much
worse. It's worth keeping in mind that access to Labs is restricted to only
established members of the community and developers, and the list of people
with access to Labs is public. I would have been much more worried if this
leak happened somewhere else that was less controlled.

Sven
On Oct 3, 2013 5:37 AM, "Orsolya Gyenes" <[email protected]>
wrote:

> Yeah, I've already gotten my mail... great... :(
>
> *~Orsolya*
>
>
> 2013/10/3 Katie Chan <[email protected]>
>
>> FYI, especially since wikimania2013 & wikimania2014 are two of the
>> affected wikis.
>>
>> ---------- Forwarded message ----------
>> From: Erik Moeller <[email protected]>
>> Date: 3 October 2013 06:56
>> Subject: [Wikimedia-l] Notification about Wikimedia user account security
>> issue
>> To: Wikimedia Mailing List <[email protected]>
>>
>>
>> See also:
>> https://meta.wikimedia.org/wiki/October_2013_private_data_security_issue
>>
>> On October 1, 2013, we learned about an implementation error that made
>> private user information (specifically, user email addresses, password
>> hashes, session tokens, and last login timestamp) for approximately
>> 37,000 Wikimedia project users accessible to volunteers with access to
>> the Wikimedia "LabsDB" infrastructure.
>>
>> LabsDB, launched in May 2013, is designed to give volunteers the
>> ability to write tools and generate reports that make use of data from
>> our databases in real-time. This supports bottom-up innovation by the
>> Wikimedia community. As part of this process, private data is
>> automatically redacted before volunteers are given access to the data.
>> Unfortunately, for some of Wikimedia’s wikis[1], the database triggers
>> used to redact private data failed to take effect due to a schema
>> incompatibility, and LabsDB users had access to private user data for
>> some user accounts in these specific wiki databases. As of October 1,
>> 228 users have access to LabsDB, and the window of availability of
>> this data was May 29, 2013 to October 1, 2013.
>>
>> This issue was discovered and reported by a trusted volunteer, and
>> access to the data in question was revoked within 15 minutes of the
>> report. We have no evidence to suggest that the private data in
>> question was exported in bulk or used for malicious purposes, but we
>> cannot definitively exclude the possibility. As a precautionary
>> measure, we have invalidated all affected user sessions, and are
>> requiring affected users to change their password on their next login.
>>
>> We have also sent an email notification to affected users with a
>> confirmed email address.
>>
>> We regret this mistake. LabsDB is still a new part of our
>> infrastructure, and we will fully audit the redaction process, so as
>> to minimize any risk of a future mistake of this nature.
>>
>> Sincerely,
>> Erik Moeller
>> Vice President of Engineering & Product Development
>>
>> Contact information
>>
>> Should you have any questions, please contact us via email to:
>>
>> [email protected]
>>
>> You can also reach the Wikimedia Foundation at:
>>
>> Wikimedia Foundation, Inc.
>> 149 New Montgomery Street
>> Floor 6
>> San Francisco, CA 94105
>> United States
>> Phone: +1-415-839-6885
>> Fax: +1-415-882-0495
>>
>> [1] List of affected databases: aswikisource bewikisource dewikivoyage
>> elwikivoyage enwikivoyage eswikivoyage frwikivoyage guwikisource
>> hewikivoyage itwikivoyage kowikiversity lezwiki loginwiki minwiki
>> nlwikivoyage plwikivoyage ptwikivoyage rowikivoyage ruwikivoyage
>> sawikiquote slwikiversity svwikivoyage testwikidatawiki tyvwiki
>> ukwikivoyage vecwiktionary votewiki wikidatawiki wikimania2013wiki
>> wikimania2014wiki
>>
>>
>> --
>> Erik Möller
>> VP of Engineering and Product Development, Wikimedia Foundation
>>
>> _______________________________________________
>> Wikimedia-l mailing list
>> [email protected]
>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>> <mailto:[email protected]?subject=unsubscribe>
>>
>>
>>
>> --
>> Katie Chan
>> Volunteer Support Organiser
>> Wikimedia UK
>> +44 (0) 20 7065 0990
>> +44 (0) 7885 980 534
>>
>> Wikimedia UK is a Charitable Company registered in England and Wales.
>> Registered Company No. 6741827. Registered Charity No.1144513.
>> Registered Office: 4th Floor, Development House, 56-64 Leonard Street,
>> London EC2A 4LT. United Kingdom.
>> Wikimedia UK is the UK chapter of a global Wikimedia movement. The
>> Wikimedia projects are run by the Wikimedia Foundation (who operate
>> Wikipedia, amongst other projects).
>>
>> Wikimedia UK is an independent non-profit charity with no legal control
>> over Wikipedia nor responsibility for its contents.
>>
>>
>> _______________________________________________
>> Wikimania-l mailing list
>> [email protected]
>> https://lists.wikimedia.org/mailman/listinfo/wikimania-l
>>
>>
>