While I am upset about this news, the security breach could have been much worse. It's worth keeping in mind that access to Labs is restricted to only established members of the community and developers, and the list of people with access to Labs is public. I would have been much more worried if this leak had happened somewhere else that was less controlled.

Sven

On Oct 3, 2013 5:37 AM, "Orsolya Gyenes" <gyenes.orsolya@wiki.media.hu> wrote:
Yeah, I've already gotten my mail... great... :(

~Orsolya


2013/10/3 Katie Chan <katie.chan@wikimedia.org.uk>
FYI, especially since wikimania2013 & wikimania2014 are two of the affected wikis.

---------- Forwarded message ----------
From: Erik Moeller <erik@wikimedia.org>
Date: 3 October 2013 06:56
Subject: [Wikimedia-l] Notification about Wikimedia user account security issue
To: Wikimedia Mailing List <wikimedia-l@lists.wikimedia.org>


See also:
https://meta.wikimedia.org/wiki/October_2013_private_data_security_issue

On October 1, 2013, we learned about an implementation error that made
private user information (specifically, user email addresses, password
hashes, session tokens, and last login timestamp) for approximately
37,000 Wikimedia project users accessible to volunteers with access to
the Wikimedia "LabsDB" infrastructure.

LabsDB, launched in May 2013, is designed to give volunteers the
ability to write tools and generate reports that make use of data from
our databases in real-time. This supports bottom-up innovation by the
Wikimedia community. As part of this process, private data is
automatically redacted before volunteers are given access to the data.
Unfortunately, for some of Wikimedia’s wikis[1], the database triggers
used to redact private data failed to take effect due to a schema
incompatibility, and LabsDB users had access to private user data for
some user accounts in these specific wiki databases. As of October 1,
228 users have access to LabsDB, and the window of availability of
this data was May 29, 2013 to October 1, 2013.

This issue was discovered and reported by a trusted volunteer, and
access to the data in question was revoked within 15 minutes of the
report. We have no evidence to suggest that the private data in
question was exported in bulk or used for malicious purposes, but we
cannot definitively exclude the possibility. As a precautionary
measure, we have invalidated all affected user sessions, and are
requiring affected users to change their password on their next login.

We have also sent an email notification to affected users with a
confirmed email address.

We regret this mistake. LabsDB is still a new part of our
infrastructure, and we will fully audit the redaction process, so as
to minimize any risk of a future mistake of this nature.

Sincerely,
Erik Moeller
Vice President of Engineering & Product Development

Contact information

Should you have any questions, please contact us via email to:

accountsecurity@wikimedia.org

You can also reach the Wikimedia Foundation at:

Wikimedia Foundation, Inc.
149 New Montgomery Street
Floor 6
San Francisco, CA 94105
United States
Phone: +1-415-839-6885
Fax: +1-415-882-0495

[1] List of affected databases: aswikisource bewikisource dewikivoyage
elwikivoyage enwikivoyage eswikivoyage frwikivoyage guwikisource
hewikivoyage itwikivoyage kowikiversity lezwiki loginwiki minwiki
nlwikivoyage plwikivoyage ptwikivoyage rowikivoyage ruwikivoyage
sawikiquote slwikiversity svwikivoyage testwikidatawiki tyvwiki
ukwikivoyage vecwiktionary votewiki wikidatawiki wikimania2013wiki
wikimania2014wiki


--
Erik Möller
VP of Engineering and Product Development, Wikimedia Foundation

_______________________________________________
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>



--
Katie Chan
Volunteer Support Organiser
Wikimedia UK

Wikimedia UK is a Charitable Company registered in England and Wales.
Registered Company No. 6741827. Registered Charity No.1144513.
Registered Office: 4th Floor, Development House, 56-64 Leonard Street, London EC2A 4LT. United Kingdom.
Wikimedia UK is the UK chapter of a global Wikimedia movement. The Wikimedia projects are run by the Wikimedia Foundation (who operate Wikipedia, amongst other projects).

Wikimedia UK is an independent non-profit charity with no legal control over Wikipedia nor responsibility for its contents.


_______________________________________________
Wikimania-l mailing list
Wikimania-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikimania-l


