this post was submitted on 05 Mar 2026
148 points (98.7% liked)

Technology

82261 readers
5108 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
148
Wikipedia were in read-only mode following mass admin account compromise (www.wikimediastatus.net)
submitted 2 hours ago* (last edited 2 hours ago) by Beep@lemmus.org to c/technology@lemmy.world
13 comments fedilink hide all child comments
 
top 13 comments
sorted by: hot top controversial new old
[–] pelespirit@sh.itjust.works 86 points 2 hours ago (1 children)

We must protect wikipedia, they're our only safe place right now.

[–] Canconda@lemmy.ca 32 points 2 hours ago (1 children)

Ya tonight Im gonna start torrenting one of the backups. I don't normally seed more than 2x ratio but I think this one will be set to trickle seed and stay on for at least 10x

[–] e8CArkcAuLE@piefed.social 12 points 1 hour ago

please do if you have the storage space and bandwith

[–] TheTechnician27@lemmy.world 41 points 2 hours ago* (last edited 2 hours ago) (1 children)

Oh, fuck, this is going to be interesting to read about. Just to clarify: it seems like this wasn't just Wikipedia but Wikimedia generally. So that's also e.g. Wiktionary, Wikimedia Commons, Wikidata, etc.

Edit: Decided to check Reddit, and someone posted an ostensibly good summary on /r/wikipedia.

[–] Takapapatapaka@tarte.nuage-libre.fr 56 points 1 hour ago (4 children)

Shameless copy/paste of the main info if anyone wants to catch a glimpse without going to reddit :

Summary of events:

On 5 March 2026, a Wikimedia Foundation employee accidentally imported a malicious script to his account on Meta-Wiki while testing global API limits for user scripts (see his global.js page history). The malicious script was created in 2023 to attack two Russian-language alternative wiki projects, Wikireality and Cyclopedia. In 2024, user Ololoshka562 created a page on the Russian Wikipedia containing the script used in these attacks. The script, which had been sitting dormant on ruwiki for 1.5 years, then spread to several accounts on Meta, including WMFOffice, and mass-deleted pages in namespaces 0–3, leaving behind an edit summary of "Закрываем проект", Russian for "Closing the project". The staff member, as a global interface administrator, has permission to edit meta:MediaWiki:Common.js, which allowed the script to infect any user who visited Meta-Wiki while it was active. To prevent the script from spreading further, all Wikimedia projects were set to read-only for about 2 hours, and all user JavaScript was temporarily disabled.

Post from WMF staff member on Discord:

Hey all - as some of you have seen, we (WMF) were doing a security review of the behavior of user scripts, and unintentionally activated one that turned out to be malicious. That is what caused the page deletions you saw on the Meta log, which are getting cleaned up. We have no reason to believe any third-party entity was actively attacking us today, or that any permanent damage occurred or any breach of personal information.

We were doing this security review as part of an effort to limit the risks of exactly this kind of attack. The irony of us triggering this script while doing so is not lost on us, and we are sorry about the disruption. But the risks in this system are real. We are going to continue working on security protections for user scripts – in close consultation with the community, of course – to make this sort of thing much harder to happen in the future.

[–] thebestaquaman@lemmy.world 26 points 1 hour ago (1 children)

To be fair I would assume that it's better to trigger something like this during a security review when people are actively "online" and focused on security risks than at some other time.

[–] SnotFlickerman@lemmy.blahaj.zone 5 points 1 hour ago

Absolutely and it helped prove why they needed to do this security review to begin with as well as will teach them the nature of how this user script worked so they can put up guardrails for this specific type of attack. An unfortunate event but as long as they are using it to learn from and strengthen their security, overall it's a good thing.

[–] Gullible@sh.itjust.works 24 points 1 hour ago (1 children)

That’s hilarious, and I cannot imagine how stressed out that employee is.

[–] db2@lemmy.world 14 points 1 hour ago* (last edited 1 hour ago) (1 children)

After that kind of learning experience that employee needs a reprimand and a raise in that order. You can bet that shit won't happen twice! 😆

[–] crandlecan@mander.xyz 2 points 1 hour ago (1 children)

You want even more Management?? 😨

[–] db2@lemmy.world 6 points 1 hour ago

Raise and promotion are not synonyms.

[–] TheTechnician27@lemmy.world 12 points 1 hour ago* (last edited 1 hour ago)

Danke. This should easily be fine for anyone who's slightly-to-moderately interested; some of the nitty-gritty details like hyperlinks to the edit diffs are excluded from this copy–paste for those who really know their stuff and want to learn more.

[–] Sims@lemmy.ml 1 points 42 minutes ago

"The malicious script was created in 2023 to attack two Russian-language alternative wiki projects, Wikireality and Cyclopedia."

So this was a US/Ukrainian attack on Russia that backfired ?? Weird 'friendly fire' situation..