Page MenuHomePhabricator
Create Task
Maniphest T193846

Publish analysis of sustained login attack of 3 May 2018
Closed, ResolvedPublic
Actions

Description

Many users have been alerted to attempted logins to their accounts over several hours on 3 May. The attack was sustained with around 2,500 login failure per hour, being a magnitude higher than normal levels. A statement was made by email on 4 May: https://lists.wikimedia.org/pipermail/wikimedia-l/2018-May/090145.html

This task is to track publication of any analysis. Though some details might have security implications, there is plenty of published operational data from the event, along with several on-wiki discussions by concerned users. Explaining what analysis has been done and whether this may be prevented in the future does not have to compromise security. A report may even help to encourage long term users and those with trusted rights to enable two factor authentication on their accounts.

Related Objects
Search...

Event Timeline

Fae created this task.May 4 2018, 9:32 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 4 2018, 9:32 AM
Viswaprabha subscribed.May 4 2018, 11:00 AM
Peachey88 added a parent task: T193769: Thousands of failed login attempts (wrong password).May 4 2018, 11:16 AM
abian subscribed.May 4 2018, 11:17 AM
Xaosflux subscribed.May 4 2018, 11:22 AM
Daimona subscribed.May 4 2018, 11:23 AM
Aklapper added a project: WMF-General-or-Unknown.May 4 2018, 11:31 AM
Ariconte subscribed.May 4 2018, 11:33 AM
Paladox subscribed.May 4 2018, 11:54 AM
Yann subscribed.May 4 2018, 12:09 PM
RazeSoldier subscribed.May 4 2018, 12:42 PM
Amorymeltzer subscribed.May 4 2018, 12:51 PM
Simon_Villeneuve subscribed.May 4 2018, 1:04 PM
Lofhi subscribed.May 4 2018, 1:17 PM
Londonjackbooks subscribed.May 4 2018, 1:52 PM
mys_721tx subscribed.May 4 2018, 2:05 PM
Altt311 subscribed.May 4 2018, 2:52 PM
Bawolff subscribed.May 4 2018, 3:18 PM
Vituzzu subscribed.May 4 2018, 3:19 PM
AntiCompositeNumber subscribed.May 4 2018, 3:28 PM
Huji subscribed.May 4 2018, 5:39 PM
Mbch331 subscribed.May 4 2018, 6:54 PM
Taiwania_Justo subscribed.May 5 2018, 12:55 AM
1233thehongkonger subscribed.May 5 2018, 5:42 AM
Dane2007 subscribed.May 5 2018, 6:10 PM
SQL subscribed.May 6 2018, 4:03 AM
Peachey88 edited projects, added Security-Team; removed WMF-General-or-Unknown, Security-General.May 6 2018, 5:04 AM
Ed7789 subscribed.May 6 2018, 1:12 PM
matej_suchanek subscribed.May 6 2018, 4:38 PM
zhuyifei1999 subscribed.May 7 2018, 12:40 PM
He7d3r subscribed.May 7 2018, 5:43 PM
Mholloway subscribed.May 7 2018, 8:17 PM
OhKayeSierra subscribed.May 8 2018, 6:01 AM
Thryduulf subscribed.May 16 2018, 6:19 PM
ToBeFree subscribed.May 22 2018, 10:00 AM
BethNaught subscribed.Jun 20 2018, 7:32 PM
Vvjjkkii renamed this task from Publish analysis of sustained login attack of 3 May 2018 to pmdaaaaaaa.Jul 1 2018, 1:11 AM
Vvjjkkii triaged this task as High priority.
Vvjjkkii added projects: CheckUser, Connected-Open-Heritage-Batch-uploads (RAÄ-KMB_1_2017-02), Tamil-Sites, Gamepress, Hashtags, Jade, KartoEditor, Language-2018-Apr-June, New-Editor-Experiences, Mail, TCB-Team (now WMDE-TechWish).
Vvjjkkii updated the task description. (Show Details)
Vvjjkkii removed subscribers: Huji, Aklapper.
Yann renamed this task from pmdaaaaaaa to Publish analysis of sustained login attack of 3 May 2018.Jul 1 2018, 10:32 AM
Yann updated the task description. (Show Details)
Yann added subscribers: Aklapper, Huji.
Yann removed projects: TCB-Team (now WMDE-TechWish), Mail, New-Editor-Experiences, Language-2018-Apr-June, KartoEditor, Jade, Hashtags, Gamepress, Tamil-Sites, Connected-Open-Heritage-Batch-uploads (RAÄ-KMB_1_2017-02), CheckUser.Jul 1 2018, 10:34 AM
Yann mentioned this in T198552: Vandalism on Phabricator: Undo changes made (2018-07-01).Jul 1 2018, 10:37 AM
Hex subscribed.Jul 1 2018, 5:56 PM
CommunityTechBot raised the priority of this task from High to Needs Triage.Jul 5 2018, 6:36 PM
matmarex subscribed.Aug 30 2018, 11:57 PM
Bawolff moved this task from Incoming to To Follow Up on the Security-Team board.Sep 4 2018, 4:25 PM
Tgr subscribed.Oct 31 2018, 10:33 PM

There was a blog post about the attack. Presumably this task can be closed?

Jcross closed this task as Resolved.Sep 23 2019, 4:11 PM
Jcross claimed this task.
Jcross subscribed.

The Security Team agrees and resolving this task for the time being.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits