**Firstly, This task WILL be public after the checklist below is complete. If sharing information or comments, make it reasonable for public disclosure.**
We've been made aware very recently that a [[https://jawp2ch.miraheze.org/wiki/MediaWiki:Gadget-Poll.js|script on a wiki community]]. Example of potential data that can accessed easily is [[https://jawp2ch.miraheze.org/wiki/ファイル:投票DB_スクリーンショット例_2018-01-15.jpg|here]] however more sensitive data is being sent and received.
This has to be assumed as a very serious security incident and a direct violation of the privacy policy.
Steps that should be taken are:
[ ] Remove the script.
[ ] Contact those who made the script/bureaucrats and inform this is unacceptable.
[ ] Wipe all user logins.
[ ] Inform everyone with an account on the wiki that there data may have been compromised.
[ ] Implement controls (CSP).
[ ] Disclose publicly on Meta this.
Added to this ticket is all security, Void (reasonable and supporting) and the The Pioneer (reporter).