This means that the editothersprofiles right must be removed from all wikis currently, and removed from default permissions.
Description
Related Objects
Event Timeline
As a followup to this task, we're thinking of modifying modifyGroupPermission.php so that it can remove a permission from all groups that contain it. This would make it easier to strip the right, as currently there are still wikis that have it. Hence https://git.io/fhwOy was done as a temporary measure.
You’d have to make a maint script to do and it’s easier to make a maintenance script loop all groups then modify a single purpose function to do the job.
IMHO the maint script is the solution.
Confirmed so far: this right was assigned to the 'sysop' group on all wikis with this extension enabled (as of this moment 86 wikis) since February 8, 2017.
I have searched through all access log files on the cache proxies to see if Special:EditProfile was accessed. There was one hit (P173) and it does look like the email address of this user was changed..?
Query to fetch all log entries (not sure how to find out *IF* email address was changed) where target user does not equal actor:
select log_title,actor_name from logging inner join user on logging.log_title = user.user_name inner join actor on logging.log_actor = actor.actor_id where log_type = 'profile' and log_title <> actor_name;
Reults: P174
If it helps, I discovered this by accidentally stripping the email from two or three spambot accounts on allthetropeswiki.
Notices have been put on Meta, Facebook and Twitter. Emails have been sent out as necessary.