Firstly, This task WILL be public after the checklist below is complete. If sharing information or comments, make it reasonable for public disclosure.
We've been made aware very recently that a script on a wiki community. Example of potential data that can accessed easily is here however more sensitive data is being sent and received.
This has to be assumed as a very serious security incident and a direct violation of the privacy policy.
Steps that should be taken are:
- Remove the script.
- Contact those who made the script/bureaucrats and inform this is unacceptable.
- Wipe all user logins.
- Inform everyone with an account on the wiki that there data may have been compromised.
- Implement controls (CSP).
- Disclose publicly on Meta this.
Added to this ticket is all security, Void (reasonable and supporting) and the The Pioneer (reporter).