Hello,

Today we have seen Phabricator vandalism from an attacker who was also responsible for the Gerrit outage yesterday. I'd like to clarify a comment I made yesterday and provide as many additional details as I can while still maintaining operational security.

While no user accounts were compromised, the attacker leveraged a vulnerability in Gerrit to compromise a single staff account. This discovery is what led to taking Gerrit offline so an investigation could occur, the vulnerability could be remediated and the service restored. However, no further evidence of compromise was discovered, and additional security controls prevented malicious activities from being executed using the compromised staff account. We will continue to monitor the situation and will provide updates on this list and on the Phabricator task https://phabricator.wikimedia.org/T218472.

Thanks
John

On Sat, Mar 16, 2019 at 2:25 PM John Bennett <[email protected]> wrote:
> Hello,
>
> Gerrit is available again but we are continuing to investigate the suspicious activity. Our preliminary findings point to no users or production systems being compromised and no loss of any confidential information. As we continue to investigate over the next few days we will add any appropriate updates to the Phabricator task (https://phabricator.wikimedia.org/T218472).
>
> Thanks
>
> On Sat, Mar 16, 2019 at 10:26 AM John Bennett <[email protected]> wrote:
>
>> Hello,
>>
>> On 16 March 2019, Wikimedia Foundation staff observed suspicious activity associated with Gerrit and as a precautionary step has taken Gerrit offline pending investigation.
>>
>> The Wikimedia Foundation's Security, Site Reliability Engineering and Release Engineering teams are investigating this incident as well as potential improvements to prevent future incidents. More information will be posted on Phabricator (https://phabricator.wikimedia.org/T218472) as it becomes available and is confirmed. If you have any questions, please contact the Security ([email protected]).
>>
>> Thanks
>

_______________________________________________
Wikitech-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
