[05:51:03] <wm-bb>	 <Hugo_Lz> https://tools-static.wmflabs.org/bridgebot/57d2d038/file_78379.jpg
[05:58:13] <wm-bb>	 <Hugo_Lz> This timeline states it s now solved but doesnt explain what happened. From what i understand from above comments it was and user account xompromised who then edited the a MediaWiki:Common.js or similar to then inject some js tracker and mess on wikipages and edits. (re @fuzheado: Better to watch the status than to open up random JS :)
[05:58:13] <wm-bb>	 <Hugo_Lz> https://wikimedia.statuspage.io/incidents/z7qjmqtrh8yq)
[06:10:29] <wm-bb>	 <sjoerddebruin> The domain was unregistered at the time (re @Hugo_Lz: Just a tracker, nothing hostile yesterday ? Is there a known public report and explainer on this event ?)
[06:42:08] <wm-bb>	 <Jan_ainali> https://meta.wikimedia.org/wiki/Wikimedia_Foundation/Product_and_Technology/Product_Safety_and_Integrity/March_2026_User_Script_Incident (re @Hugo_Lz: Just a tracker, nothing hostile yesterday ? Is there a known public report and explainer on this event ?)
[07:43:48] <wm-bb>	 <cvictorovich> We’re safe now (re @Jan_ainali: https://meta.wikimedia.org/wiki/Wikimedia_Foundation/Product_and_Technology/Product_Safety_and_Integrity/March_2026_User_Script_...)
[07:44:49] <wm-bb>	 <cvictorovich> I happen to witnessed the story
[07:46:48] <wm-bb>	 <Hugo_Lz> Cool, merci @Jan_ainali & co. (re @Jan_ainali: https://meta.wikimedia.org/wiki/Wikimedia_Foundation/Product_and_Technology/Product_Safety_and_Integrity/March_2026_User_Script_...)
[11:34:57] <wm-bb>	 <waldyrious> It's going to be covered in the next Signpost :) (re @Hugo_Lz: Its a bit short for my geek curiousity but still, merci @Jan_ainali & co.)
[11:43:53] <wm-bb>	 <waldyrious> There are also several comments with additional context in the Phabricator task (T419143).
[11:43:53] <wm-bb>	 <waldyrious> Note: I realize others are likely aware of this and may be deliberately avoiding adding to the conversation, and although I do feel it's not appropriate for people to go around pasting the script code, etc., I do also believe security by obscurity is not a robust practice (and not aligned with the Wikimedia way in particular), and in any case, technical analysis
[11:43:53] <wm-bb>	 of the incident i <clipped message>
[11:43:55] <wm-bb>	 <waldyrious> s indeed valuable and interesting, and there's some of it in the task comments.
[12:18:49] <wm-bb>	 <fuzheado> There are very valid reasons not to copy/paste malicious code just as a safe practice, so characterizing it as  "security through obscurity" may be too harsh. (re @waldyrious: There are also several comments with additional context in the Phabricator task (T419143).
[12:18:50] <wm-bb>	 <fuzheado> Note: I realize others are likely aw...)
[12:30:38] <wm-bb>	 <waldyrious> Certainly. I apologize for writing in a way that suggested I espouse that stance. I meant to refer to the avoidance of discussing the topic. But in retrospect, that expression is an unkind way to address well-intentioned behavior regardless, so I will avoid it in the future. Thanks for the heads-up! (re @fuzheado: There are very valid reasons not to
[12:30:38] <wm-bb>	 copy/paste/spread malicious co <clipped message>
[12:30:40] <wm-bb>	 <waldyrious> de just as a safe practice, so characterizing it as  "security...)
[12:31:14] <wm-bb>	 <waldyrious> (and sorry for the overly flourished language, for some reason today it's coming out like this 😅)
[12:55:10] <wm-bb>	 <fuzheado> No worries - as Wikimedians we are pathological knowledge sharers, so when information is restricted it feels very uncomfortable (myself included) :) (re @waldyrious: Certainly. I apologize for writing in a way that suggested I espouse that stance. I meant to refer to the avoidance of discussin...)