There's a few threads on enwiki going on about increased account hacking activity. For example, here. Opening this just so folks are aware.
Description
Description
Event Timeline
Comment Actions
<Reedy> https://grafana.wikimedia.org/d/000000004/authentication-metrics?viewPanel=10&orgId=1&from=now-2d&to=now <Reedy> Been quite an increase in failed logins for ~30H <Reedy> Quick look at some logs, looks like a form of dictionary/enumeration type attack again accounts
Per grafana, lasted from Friday 10 AM to Saturday 4 PM UTC, with something like 1500 login attempts / min.
As long as you use a strong unique password, you don't need to worry about attacks like these.
Comment Actions
The attacks did not continue and did not expose any weakness so unless the Security team wants to follow up IMO we can close this task.
Comment Actions
so unless the Security team wants to follow up IMO we can close this task.
I think we can close the task for now. If the spikes come back we can re-open or file a new task. I'm not sure there's much we can analyze here other than noting where the spikes originated.