Earlier today a vulnerability was uncovered that might have permitted
unauthorized users to manipulate project membership or create or delete
VMs within cloud-vps. That issue has since been resolved, and there is
currently no evidence that anyone exploited it.
Nevertheless, out of an abundance of caution: if you are a project
admin, please review the members and projectadmins of your project. If
you see any unknown or untrusted users or unexpected instances, remove
them and notify me directly about what you found and what you've done.
-Andrew + the WMCS team
Wikimedia Cloud Services announce mailing list
Cloud-announce(a)lists.wikimedia.org (formerly labs-announce(a)lists.wikimedia.org)