Board Thread:General Discussion/@comment-27023597-20151019171613/@comment-1757994-20151019200148

NoStringsOnJay wrote: ... some retard decided to hack it ...

There are well-founded web security design principles that Wikia decided to ignore, like put user login on a separate page, don't run js on the login page, and redirect to a different page upon successful login. Wikia decided to ignore those principles and to put a login form on every page. And it got hacked.

Rather than secure their own design, they've decided to perpetuate their flawed design and to impose restrictions on all their customers. Unfortunately for them, absolute control only works completely in some ideal world that doesn't exist, so even if they never ease the restrictions, another hack is eventually inevitable. All it'll take is for someone to discover a cross-site scripting vulnerability, then the fact that Wikia controls all scripts on all wikis won't matter.

Was the hacker a bad person? Sure. But don't delude yourself that Wikia is without blame.