Jump to content

Talk:Wikimedia Foundation/March 2025 discovery of account compromises

Add topic
From Meta, a Wikimedia project coordination wiki
Latest comment: 1 day ago by Leaderboard in topic Two Factor Authentication

Number of accounts

[edit]

Are you sure about number of locked accounts? According to this query it is 37,669.--Nemoralis (talk) 22:48, 27 March 2025 (UTC)Reply

Nevermind, phab:T389728 Nemoralis (talk) 22:54, 27 March 2025 (UTC)Reply

Two Factor Authentication

[edit]

Thanks for sharing this information. This incident was well managed. But I believe it's a warning. The development of 2FA (stalled for the moment) should continue. All users should be able to activate 2FA, and in addition to TOTP, tokens like FIDO U2F should also be available. MBq (talk) 05:34, 28 March 2025 (UTC)Reply

Strong support Strong support to active 2FA for all users. -- Mr. Ibrahem (talk) 06:27, 28 March 2025 (UTC)Reply
No, because Wikimedia is too large to handle users that don't know how to work with 2FA. At the very least I don't see this as tenable unless SMS authentication (even if it's not secure) is introduced. Leaderboard (talk) 07:07, 28 March 2025 (UTC)Reply
Understood, but one of the foundations’s goals is to empower people, which imho includes access to state-of-the-art security when using our site. Probably some A/B testing in smaller communities would help to anticipate the problems you’re adressing? MBq (talk) 15:09, 28 March 2025 (UTC)Reply
First, they need to include the additional authentication options. Then we can look into expanding 2FA access. Leaderboard (talk) 07:40, 2 April 2025 (UTC)Reply
Any user can already activate 2FA. The process for this is pretty much just asking the stewards at SRGP and attest that you actually read the help page. EggRoll97 (talk) 02:47, 30 March 2025 (UTC)Reply

How to get unlocked

[edit]

One majour question is that how to get unlocked for an affected person. One of the active admin (User:Vijayanrajapuram) in Malayalam Wikipedia got locked. He is saying that he never used his wikimedia password anywhere else. And we cannot loose him in Malayalam proejct. So the question is what are the procedure to get unlocked. Ranjithsiji (talk) 17:33, 1 April 2025 (UTC)Reply

Many users were contacted with unlock directions already, if they were not, they should send an email to ca@wikimedia.org. Ensure they include their username. — xaosflux Talk 17:54, 1 April 2025 (UTC)Reply