Change Details

**Firstly, This task WILL be public after the checklist below is complete. If sharing information or comments, make it reasonable for public disclosure.** We've been made aware very recently that a [[https://jawp2ch.miraheze.org/wiki/MediaWiki:Gadget-Poll.js|script on a wiki community]]. Example of potential data that can accessed easily is [[https://jawp2ch.miraheze.org/wiki/ファイル:投票DB_スクリーンショット例_2018-01-15.jpg|here]] however more sensitive data is being sent and received. This has to be assumed as a very serious security incident and a direct violation of the privacy policy. Steps that should be taken are: [ ] Remove the script. [ ] Contact those who made the script/bureaucrats and inform this is unacceptable. [ ] Wipe all user logins. [ ] Inform everyone with an account on the wiki that there data may have been compromised. [ ] Implement controls (CSP). [ ] Disclose publicly on Meta this. Added to this ticket is all security, Void (reasonable and supporting) and the The Pioneer (reporter).

**Firstly, This task WILL be public after the checklist below is complete. If sharing information or comments, make it reasonable for public disclosure.** We've been made aware very recently that a [[https://jawp2ch.miraheze.org/wiki/MediaWiki:Gadget-Poll.js|script on a wiki community]]. Example of potential data that can accessed easily is [[https://jawp2ch.miraheze.org/wiki/ファイル:投票DB_スクリーンショット例_2018-01-15.jpg|here]] however more sensitive data is being sent and received. This has to be assumed as a very serious security incident and a direct violation of the privacy policy. Steps that should be taken are: [x] Remove the script. [ ] Contact those who made the script/bureaucrats and inform this is unacceptable. [x] Wipe all user logins. [ ] Inform everyone with an account on the wiki that there data may have been compromised. [ ] Implement controls (CSP). [ ] Disclose publicly on Meta this. Added to this ticket is all security, Void (reasonable and supporting) and the The Pioneer (reporter).

**Firstly, This task WILL be public after the checklist below is complete. If sharing information or comments, make it reasonable for public disclosure.** We've been made aware very recently that a [[https://jawp2ch.miraheze.org/wiki/MediaWiki:Gadget-Poll.js|script on a wiki community]]. Example of potential data that can accessed easily is [[https://jawp2ch.miraheze.org/wiki/ファイル:投票DB_スクリーンショット例_2018-01-15.jpg|here]] however more sensitive data is being sent and received. This has to be assumed as a very serious security incident and a direct violation of the privacy policy. Steps that should be taken are: [ x] Remove the script. [ ] Contact those who made the script/bureaucrats and inform this is unacceptable. [ x] Wipe all user logins. [ ] Inform everyone with an account on the wiki that there data may have been compromised. [ ] Implement controls (CSP). [ ] Disclose publicly on Meta this. Added to this ticket is all security, Void (reasonable and supporting) and the The Pioneer (reporter).