A self-propagating JavaScript worm briefly infected Wikimedia's Meta-Wiki, injecting malicious loaders into user common.js files and the global MediaWiki:Common.js and modifying thousands of pages. Wikimedia engineers temporarily disabled editing, removed the injected code, and say the script was active for 23 minutes with no evidence of a data breach while they restore content and strengthen protections. #WikimediaFoundation #MetaWiki
Key points
- A malicious script hosted as User:Ololoshka562/test.js executed and propagated across Wikimedia projects.
- The worm injected loaders into User:/common.js and MediaWiki:Common.js to achieve user-level and site-wide persistence.
- Approximately 3,996 pages were modified and about 85 users had their common.js files replaced during the incident.
- Wikimedia engineers temporarily restricted editing, reverted malicious changes, and suppressed affected revisions while cleaning up.
- The Foundation reports the code was active for 23 minutes on Meta-Wiki, caused no permanent damage, and is implementing additional security measures.
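The persistence described above relies on loader lines placed in per-user common.js pages and in MediaWiki:Common.js. The following is an added example, not code from the incident or from Wikimedia, of a cleanup-time audit that flags such pages when they load a script from another user's space. The page titles and loader lines in the sample are constructed placeholders, and the page contents are assumed to have been fetched already.

```javascript
// Added example (not Wikimedia's tooling): flag loaders that pull user-space scripts.
// importScript() and mw.loader.load() are standard MediaWiki script loaders.
const LOADER_RE = /\b(?:importScript|mw\.loader\.load)\s*\(\s*(['"])(.*?)\1/g;
const norm = (s) => s.replace(/_/g, ' ').toLowerCase();

// Pull a "User:Name/file.js" title out of a bare title or a URL that carries it.
function userScriptTitle(target) {
  let decoded = target;
  try { decoded = decodeURIComponent(target); } catch (e) { /* keep raw */ }
  const m = /(?:^|[=\/])(User:[^\/&?#]+\/[^&?#]+\.js)/i.exec(decoded);
  return m ? m[1] : null;
}

// Findings for one page: user-space scripts loaded from someone other than the
// page owner. Site-wide pages such as MediaWiki:Common.js have no owner, so any
// user-space load there is reported.
function auditPage(title, source) {
  const own = /^User:([^\/]+)\/common\.js$/i.exec(title);
  const owner = own ? norm(own[1]) : null;
  const findings = [];
  for (const m of source.matchAll(LOADER_RE)) {
    const script = userScriptTitle(m[2]);
    if (script && norm(script.slice(5).split('/')[0]) !== owner) {
      findings.push({ page: title, loads: script });
    }
  }
  return findings;
}

function auditPages(pages) {
  return pages.flatMap((p) => auditPage(p.title, p.source));
}

// Constructed sample input; names and loader lines are placeholders.
const SAMPLE_PAGES = [
  { title: 'User:ExampleA/common.js', source: "importScript('User:ExampleA/tools.js');" },
  { title: 'User:ExampleC/common.js', source: "importScript('User:ExampleB/test.js');" },
  { title: 'MediaWiki:Common.js', source:
      "mw.loader.load('ext.gadget.Example');\n" +
      "mw.loader.load('/w/index.php?title=User:ExampleB/test.js&action=raw&ctype=text/javascript');" },
];

console.log(auditPages(SAMPLE_PAGES));
```

Loading another user's script is also a common legitimate practice on wikis, so findings are candidates for review rather than confirmed infections.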