Page MenuHomePhabricator

Publish analysis of sustained login attack of 3 May 2018
Closed, ResolvedPublic

Description

Many users have been alerted to attempted logins to their accounts over several hours on 3 May. The attack was sustained with around 2,500 login failure per hour, being a magnitude higher than normal levels. A statement was made by email on 4 May: https://lists.wikimedia.org/pipermail/wikimedia-l/2018-May/090145.html

This task is to track publication of any analysis. Though some details might have security implications, there is plenty of published operational data from the event, along with several on-wiki discussions by concerned users. Explaining what analysis has been done and whether this may be prevented in the future does not have to compromise security. A report may even help to encourage long term users and those with trusted rights to enable two factor authentication on their accounts.

Event Timeline

Vvjjkkii renamed this task from Publish analysis of sustained login attack of 3 May 2018 to pmdaaaaaaa.Jul 1 2018, 1:11 AM
Vvjjkkii triaged this task as High priority.
Vvjjkkii updated the task description. (Show Details)
Vvjjkkii removed subscribers: Huji, Aklapper.
Yann renamed this task from pmdaaaaaaa to Publish analysis of sustained login attack of 3 May 2018.Jul 1 2018, 10:32 AM
Yann updated the task description. (Show Details)
Yann added subscribers: Aklapper, Huji.
CommunityTechBot raised the priority of this task from High to Needs Triage.Jul 5 2018, 6:36 PM

There was a blog post about the attack. Presumably this task can be closed?

Jcross claimed this task.
Jcross added a subscriber: Jcross.

The Security Team agrees and resolving this task for the time being.