On May 3rd, 2018, a large spike in login attempts was detected on English Wikipedia. It was caused by a dictionary attack originating primarily from a single internet service provider.
Several hours into the attack the security team and others at the Foundation launched countermeasures that mitigated the attacker's efforts. While the countermeasures were successful, end users continued to receive the usual "failed login" notification emails, as they would for any failed attempt on their account.
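The detection the opening paragraph describes, a burst of failed logins from one provider spread across many accounts, as an added example that is not part of the original notice and not Wikimedia's own tooling. The log format, the per-provider source label (an ASN here), the thresholds and the sample lines are all assumptions constructed for this illustration. It flags the origin, sizes the attack, and lists the accounts that logged in successfully from that origin after the failures began, which are the ones to contact or block; a single user mistyping their own password from another network is deliberately not flagged.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of authentication log lines for this example (not real
# Wikimedia logs). Assumed format: ISO-8601 timestamp, source network label
# (an ASN or ISP, since the notice groups the attack by provider), username,
# outcome.
SAMPLE_LOG = """\
2018-05-03T10:00:01Z AS64500 alice FAIL
2018-05-03T10:00:05Z AS64500 bob FAIL
2018-05-03T10:00:09Z AS64500 carol FAIL
2018-05-03T10:00:12Z AS64500 dave FAIL
2018-05-03T10:00:15Z AS64500 erin FAIL
2018-05-03T10:00:18Z AS64500 frank FAIL
2018-05-03T10:00:21Z AS64500 grace FAIL
2018-05-03T10:00:24Z AS64500 grace OK
2018-05-03T10:00:30Z AS64501 alice FAIL
2018-05-03T10:00:45Z AS64501 alice OK
2018-05-03T10:07:00Z AS64502 heidi FAIL
"""


def parse_line(line):
    """Split one assumed-format log line into (timestamp, source, user, outcome)."""
    ts, source, user, outcome = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), source, user, outcome


def detect_dictionary_attack(lines, window=timedelta(minutes=5),
                             min_failures=5, min_distinct_users=5):
    """Flag sources whose failed logins within `window` are spread across many
    distinct usernames (the dictionary-attack signature: one origin, many
    targets). For each flagged source, report the widest qualifying window and
    the accounts that then logged in successfully from that origin."""
    events = defaultdict(list)  # source -> [(ts, user, outcome)]
    for line in lines:
        if line.strip():
            ts, source, user, outcome = parse_line(line)
            events[source].append((ts, user, outcome))

    alerts = []
    for source, evs in events.items():
        evs.sort()
        failures = [(ts, u) for ts, u, o in evs if o == "FAIL"]
        best = None
        start = 0
        for end in range(len(failures)):
            # Slide the window start forward so the span never exceeds `window`.
            while failures[end][0] - failures[start][0] > window:
                start += 1
            win = failures[start:end + 1]
            targeted = {u for _, u in win}
            if (len(win) >= min_failures and len(targeted) >= min_distinct_users
                    and (best is None or len(win) > best["failures"])):
                first_ts = win[0][0]
                # Likely guessed accounts: a targeted user with a successful
                # login from the same source after the attack window began.
                guessed = sorted({u for ts, u, o in evs
                                  if o == "OK" and u in targeted and ts >= first_ts})
                best = {"source": source,
                        "failures": len(win),
                        "distinct_users": len(targeted),
                        "window_start": first_ts.isoformat(),
                        "likely_compromised": guessed}
        if best:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for alert in detect_dictionary_attack(SAMPLE_LOG.splitlines()):
        print(alert)
```

On the sample above only AS64500 is reported (7 failures against 7 accounts, with grace as the likely guessed account); AS64501, where one user fails once and then succeeds, stays below the distinct-user threshold. The two thresholds are the knobs to tune against a site's normal failed-login baseline before anything like this pages anyone.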
What information was involved?
Users whose accounts were compromised were contacted or blocked. The information disclosed consisted of the usernames and passwords that the dictionary attack successfully guessed. No personal information was disclosed.
What are we doing about it?
Changes to password policies: The security team and others at the Foundation are evaluating our current password policy with the intention of strengthening it to better protect online identities, promote a culture of security, and align with best practices. More on this in the coming weeks, but it’s definitely a step in the right direction.
Routine security assessments: Starting at the end of September, the security team will begin a series of penetration tests to assess some of our current controls and capabilities.
As the Security team grows (we’re hiring), we will expand our capabilities to include additional assessments such as routine dictionary attacks to identify accounts with weak credentials, penetration testing, policy updates, and additional security controls and countermeasures.
Other technical controls and countermeasures: While we can’t disclose our exact countermeasures, we have a series of additional technical controls and countermeasures that will be implemented in the near future.
Security Awareness: There are several changes coming, and to support them the security team will be launching various security awareness campaigns in the coming months.
Director of Security, Wikimedia Foundation