Traditionally, each Tuesday and Thursday, we release system updates to add new features and fix bugs on Wikia. This week, we have cancelled both our releases and I would like to spend some time explaining why.
On Sunday, an attacker appears to have gained access to a staff account that we used for QA (Quality Assurance) testing and used its staff privileges to close and redirect some of our most popular wikias. Our weekend staff and VSTF caught this issue quickly and we were able to undo most of the damage within two hours.
However, the attacker was able to use a different strategy on Monday to regain access to a number of staff accounts. At that time, we elected to throw our network into read-only mode (preventing the attacker from making any changes to our platform) while locking down our staff accounts and login system.
As of early Tuesday morning, the site has been up and running as expected. Because of this attack, our engineers have decided to spend the rest of the week focusing on protecting important internal data and making changes where needed to increase our security, and have elected to cancel this week’s scheduled product release. I would like to reassure the community that very few accounts or communities were impacted, and owners of the affected accounts have already been contacted.
We would certainly like to thank our community for your patience as we continue to improve Wikia’s security. While no online company enjoys or wants an attack like this to happen, we are going to turn this into a positive opportunity to make Wikia stronger today and in the years to come.