---------- Forwarded message ---------
From: David Sharpe <dsharpe(a)wikimedia.org>
Date: Fri, Jan 17, 2020 at 2:55 AM
Subject: [Wikitech-l] 14 January 2020 security incident on Phabricator
To: <wikitech-l(a)lists.wikimedia.org>

Hello,

On 14 January 2020, staff at the Wikimedia Foundation discovered that a
data file exported from the Wikimedia Phabricator installation, our
engineering task and ticket tracking system, had been made publicly
available. The file was leaked accidentally; there was no intrusion. We
have no evidence that it was ever viewed or accessed. The Foundation's
Security team immediately began investigating the incident and removing the
related files. The data dump included limited non-public information such
as private tickets, login access tokens, and the second factor of the
two-factor authentication keys for Phabricator accounts. Passwords and
full login information for Phabricator were not affected -- that
information is stored in another, unaffected system.

The Security team has investigated and assesses that there is no known
impact from this incident. However, out of an abundance of caution, we are
resetting all Two-Factor Authentication keys for Phabricator and
invalidating the exposed login access tokens. Additionally, we continue to
encourage people to engage in online security best practices, such as
keeping your software updated and resetting your passwords regularly.

The Foundation will continue to investigate this incident and take steps to
prevent it from occurring again in the future. In the meantime, Phabricator
is online and functioning normally. We regret any inconvenience this may
have caused and will provide updates if we learn of any further impact.

Respectfully,
David Sharpe
Senior Information Security Analyst
Wikimedia Foundation