Board Thread:General Discussion/@comment--20150810171627/@comment-168424-20150810201232

Ciencia Al Poder wrote: Fandyllic wrote: Not much info in this announcement. What kind of user info could have been compromised? Did hackers access the Wikia user DB? Why couldn't Wikia just disable JS imported from outside the wikia.com domain?

My guess is that someone put JS to redirect the login form to an external website, so users that were using the login form on the affected wiki were sending their credentials to the attacker instead of logging into wikia.

That's pretty evil, but I could see that happening. I assume this evildoer would have to be an admin to do this for it to affect other users?