Page MenuHomePhabricator

Publish analysis of sustained login attack of 3 May 2018
Open, Needs TriagePublic

Description

Many users have been alerted to attempted logins to their accounts over several hours on 3 May. The attack was sustained with around 2,500 login failure per hour, being a magnitude higher than normal levels. A statement was made by email on 4 May: https://lists.wikimedia.org/pipermail/wikimedia-l/2018-May/090145.html

This task is to track publication of any analysis. Though some details might have security implications, there is plenty of published operational data from the event, along with several on-wiki discussions by concerned users. Explaining what analysis has been done and whether this may be prevented in the future does not have to compromise security. A report may even help to encourage long term users and those with trusted rights to enable two factor authentication on their accounts.

Event Timeline

Fae created this task.May 4 2018, 9:32 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 4 2018, 9:32 AM
abian added a subscriber: abian.May 4 2018, 11:17 AM
Yann added a subscriber: Yann.May 4 2018, 12:09 PM
Lofhi added a subscriber: Lofhi.May 4 2018, 1:17 PM
Altt311 added a subscriber: Altt311.May 4 2018, 2:52 PM
Bawolff added a subscriber: Bawolff.May 4 2018, 3:18 PM
Vituzzu added a subscriber: Vituzzu.May 4 2018, 3:19 PM
Huji added a subscriber: Huji.May 4 2018, 5:39 PM
Mbch331 added a subscriber: Mbch331.May 4 2018, 6:54 PM
SQL added a subscriber: SQL.May 6 2018, 4:03 AM
Ed7789 added a subscriber: Ed7789.May 6 2018, 1:12 PM
He7d3r added a subscriber: He7d3r.May 7 2018, 5:43 PM
Vvjjkkii renamed this task from Publish analysis of sustained login attack of 3 May 2018 to pmdaaaaaaa.Jul 1 2018, 1:11 AM
Vvjjkkii triaged this task as High priority.
Vvjjkkii updated the task description. (Show Details)
Vvjjkkii removed subscribers: Huji, Aklapper.
Yann renamed this task from pmdaaaaaaa to Publish analysis of sustained login attack of 3 May 2018.Jul 1 2018, 10:32 AM
Yann updated the task description. (Show Details)
Yann added subscribers: Aklapper, Huji.
Scott added a subscriber: Scott.Jul 1 2018, 5:56 PM
CommunityTechBot raised the priority of this task from High to Needs Triage.Jul 5 2018, 6:36 PM
Bawolff moved this task from Backlog to To Follow Up on the Security-Team board.Sep 4 2018, 4:25 PM
Tgr added a subscriber: Tgr.Oct 31 2018, 10:33 PM

There was a blog post about the attack. Presumably this task can be closed?