Board Thread:General Discussion/@comment--20151004230850

Hi everyone,

Today, an attacker appears to have gained access to a staff account that we use for some QA (Quality Assurance) testing and used its staff privileges to close and redirect some of our most popular wikias to an empty, abandoned community.

Luckily, thanks to the diligence of our weekend staff members, top admins, and to our VSTF members, we were able to become aware of the issue very quickly despite it happening over normally quiet weekend hours.

Our engineering staff was called in and was able to mass undo these changes fairly quickly. The event in total lasted approximately an hour. In the next few hours, Wikia Staff will try to identify how the testing account was compromised and make immediate changes to make sure it won’t happen again. We have no reasons to believe any other accounts were compromised or that there was an attack vector that involved Cross-Site Scripting or other forms of hacking.

We truly apologize for the inconvenience and thank the community members affected by this for their patience. We will update this when we have more details we can share.

UPDATE 1: Further complications from this event led to more downtime on the evening of October 5th (UTC). See here.

UPDATE 2: Site now appears to be stable, we are considering this crisis triaged. We will post a full update on our Technical Updates later today. see here. 