Within the last 24 hours, (at least) four Wikipedia administrators have had their accounts hacked, resulting in four deletions of the main page, and a bit of other vandalism. It appears that each one had a weak, easily guessed password. All editors, admin or no, should change weak passwords immediately, on all Wikimedia projects. No “password”, “fuckyou”, “wikipediarocks”, cat’s names, dictionary words, meaningful numbers, etc.
For more, see:
- David Gerard’s report on what the developers are doing about this
- Discussion on wiki: here, here, here, here, here
- Thatcher131’s Signpost write-up of the events
I should probably note that I suggested the password scan (on wikitech-l), then popped onto IRC (#wikimedia-tech) and suggested it again 🙂 Tim was iffy, Greg was all for it and Brion (the decider) ran something Greg had written.
well it was solved and the admins did do their job