Hello,
Gerrit is available again but we are continuing to investigate the
suspicious activity. Our preliminary findings point to no users or
production systems being compromised and no loss of any confidential
information. As we continue to investigate over the next few days we will
add any appropriate updates to the phabricator task (
https://phabricator.wikimedia.org/T218472 ) .
Thanks
On Sat, Mar 16, 2019 at 10:26 AM John Bennett <jbennett(a)wikimedia.org>
wrote:
Hello,
On 16 March 2019, Wikimedia Foundation staff observed suspicious activity
associated with Gerrit and as a precautionary step has taken Gerrit offline
pending investigation.
The Wikimedia Foundation's Security, Site Reliability Engineering and
Release Engineering teams are investigating this incident as well as
potential improvements to prevent future incidents. More information will
be posted on Phabricator (
https://phabricator.wikimedia.org/T218472 ) as
it becomes available and is confirmed. If you have any questions, please
contact the Security (security(a)wikimedia.org
<trustandsafety(a)wikimedia.org>)g>).
Thanks