FYI.
Hello,
Many of you may have been receiving emails in the last 24 hours warning you
of "Multiple failed attempts to log in" with your account. I wanted to let
you know that the Wikimedia Foundation's Security team is aware of the
situation, and working with others in the organization on steps to decrease
the success of attacks like these.
The exact source is not yet known, but it is not originating from our
systems. That means it is an external effort to gain unauthorized access to
random accounts. These types of efforts are increasingly common for
websites of our reach. A vast majority of these attempts have been
unsuccessful, and we are reaching out personally to the small number of
accounts which we believe have been compromised.
While we are constantly looking at improvements to our security systems and
processes to offset the impact of malicious efforts such as these, the best
method of prevention continues to be the steps each of you take to
safeguard your accounts. Because of this, we have taken steps in the past
to support things like stronger password requirements,[1] and we continue
to encourage everyone to take some routine steps to maintain a secure
computer and account. That includes regularly changing your passwords,[2]
actively running antivirus software on your systems, and keeping your
system software up to date.
My team will continue to investigate this incident, and report back if we
notice any concerning changes. If you have any questions, please contact
the Support and Safety team (susa{{(a)}}wikimedia.org).
John Bennett
Director of Security, Wikimedia Foundation