Additional details on OurMine

The guard rails I'll be following will be around the original blog post created by Darian Patrick in November 2016. I'll do my best to fill in what gaps I can.

What Happened?
The attackers targeted a small group of privileged and high profile users. It is most likely that the attackers were using passwords that had been published as part of dump of other compromised websites such as LinkedIn. This notion was also confirmed by compromised users that they were in fact recycling passwords across multiple sites with known password dumps. There was no evidence of system compromise.

What information was involved?
There is no evidence of any personal information being disclosed beyond usernames and passwords.

What was done about it?
Improved alerting and reporting to identify dictionary and brute force attacks
Extended password policy to mitigate attacks

John Bennett
Director of Security, Wikimedia Foundation

Written by JBennett on Sep 7 2018, 6:37 PM.
Bawolff, Halfak
"Like" token, awarded by Halfak.

Event Timeline

Was 2FA for admins part of this response?

This 1st round is really to address changes to our wiki password policy. Phase 2 is being planned and will address 2FA for privileged users.