The Signpost

Discussion report

Compromise of two administrator accounts prompts security review

On November 4, in a protest against Wikimedia security practices, a grey hat hacker compromised the accounts of the administrators Salvidrim! and OhanaUnited and, from those accounts, posted two messages to the bureaucrats' noticeboard requesting immediate desysopping of those accounts.

The hacker claimed responsibility for the breach on Reddit[1], criticizing the status quo of security on Wikimedia projects:

Countless usernames, emails and plain text passwords of Wikipedia accounts are listed in the data breaches, including accounts with CU/OS permissions. One that stood out was that of a former arb and WMF staff member whose same password was listed on multiple dumps. I also came across login details for multiple emails ending with @wikimedia.org, recognized some as having developer access. FWIW, they all had mostly strong passwords, although it hardly matters if they use the same password on WP. Now, I didn’t try logging into any of these to check if they work or not. The only reason I tried logging into these two accounts is because I recognized them as familiar admin accounts which had numbers as passwords and I was convinced it wouldn’t give me access. Once it did, I only had two options, either post to BN or forget about it. Had I reported it to Arbcom or privately, it would have been swept under the rug.

For all we know, people have been accessing admin accounts with impunity for years without anyone knowing. Nothing short of a forced reset for passwords on all privileged accounts is going to solve this.

I didn’t comb through the data further nor do I intend to - but that does not mean others won't.


— cwmtwrp

Although both administrators were able to regain access to their accounts, editors nonetheless raised concerns about account security on Wikipedia and Wikimedia projects. Some ideas were raised at the noticeboard discussion, including password complexity requirements and identifying privileged accounts with weak passwords. One day later, after consultation with the Wikimedia security team, Worm That Turned opened a RfC to review the status quo of security and to receive proposals on how to strengthen account security.

In brief

  • BASC motions: On the ArbCom motion request page, two motions were proposed relating to the Ban Appeals Subcommittee (BASC). The former motion proposed narrowing the scope of BASC to functionary blocks and blocks unsuitable for public discussion, and the latter motion proposed disbanding BASC altogether.
  • WP:NOTHERE as a blocking rationale: A few weeks ago, Doc9871 added "not here to build an encyclopedia" (WP:NOTHERE) to Wikipedia:Blocking policy as a suggested rationale for blocking. Concerned with the page's essay classification, Staszek Lem reverted the addition. A RfC was opened on whether 'NOTHERE' should be added as a suggested rationale. Some also suggested promoting WP:NOTHERE to a guideline or a policy.
  • Poetic militancy: An editor has proposed banning the promotion of violent acts ("poetic militancy") on user pages as a polemic.
  • RfA reform, again: Started by Biblioworm "to move past the disorderly and spontaneous discussion [on RfA reform]", the 2015 administrator election reform project is the most recent in many attempts to reform the requests for adminship process. Aimed at identifying the issues with RfA, the first RfC was closed very recently; reception has been mixed on most proposed issues, but most agree that RfA needs more participants and that RfA subjects candidates to a less-than-friendly environment.

















Wikipedia:Wikipedia Signpost/2015-11-11/Discussion_report