This is a request for a report of the analysis of the OurMine hack to be published. It is understood that a non-public investigation is necessary, but it also makes sense to be transparent about events, and as quickly as possible. This would provide an 'official' public assurance of the steps being taken by the WMF to make the systems more secure. Volunteers have responded rapidly by promoting two-factor authentication, as well as working collegially on guidance for volunteers. A report of the behind-the-scenes analysis would aid these efforts and ensure that, if wider password changes or the roll-out of 2FA to non-sysop accounts make sense, these can be discussed within the community in a positive way. Volunteer discussions are likely to continue and will be reported in the Signpost next week, so publishing a report in the next few days would help ensure factual reporting.
Background
On 11th November it was confirmed that a number of "high profile" accounts had had their passwords hacked, including Jimmy Wales' account. The edits made were to promote the OurMine organisation. Less than a day later, two-factor authentication was made available for all accounts with sysop status on any of the Wikimedia projects, though the WMF made no official statement as to whether this was in direct response to the hack. Since then, other accounts have been shown to be compromised and have been blocked until the account holders could have their passwords reset. The OurMine blog has confirmed there was a brute force attack on Jimmy Wales' account, and they claim to have copied the enwiki database; it is unclear whether this includes information not available in the public version of enwiki.
Links
- http://whois.domaintools.com/ourmine.org
- https://en.wikipedia.org/wiki/User_talk:Jimbo_Wales#Compromised
- https://commons.wikimedia.org/wiki/Commons:Administrators%27_noticeboard#high-profile_accounts_.28not_on_Commons.29_were_hacked
- https://lists.wikimedia.org/pipermail/wikimedia-l/2016-November/085456.html
- https://lists.wikimedia.org/pipermail/wikitech-l/2016-November/087008.html