Slashdot Mirror

← Back to Stories (view on slashdot.org)

Wikipedia Leaks Some Users' Passwords

Posted by Zonk on from the not-a-good-trend dept.

JJ Budion writes "If you've signed up for an account on Wikipedia.org, you may want to check this page to make sure you're not on there. It seems certain users with identical password hashes can find other user names with the same password, and Wikipedia (despite being alerted) has done nothing about the problem for the last year. A good (although slightly inflammatory) description of the problem can be found here. This is probably a good occasion to remember to use strong passwords (apparently only users with common passwords, like dictionary words, are affected)."

4 of 238 comments (clear)

  1. Shame on Wiki by goldspider · · Score: 3, Insightful

    If they're going to succeed in portraying Wikipedia as a mature, reliable alternative to traditional encyclopedias, then they aught to make damned sure that their ducks are in a row. Their disregard of customer concerns is a shameful.

    If, in the long-term, Wikipedia's image is tarnished by this, it is well-deserved.

    --
    "Ask not what your country can do for you." --John F. Kennedy
  2. 40 years of UNIX by Jeffrey+Baker · · Score: 4, Insightful

    Salt, anyone?

  3. Re:You're missing the point by idontgno · · Score: 3, Insightful
    Those heading titles aren't the passwords themselves, just one member from the group. The original passwords are encrypted and unknown. These are users with the same hash.

    Yes, and as such everyone in the same heading now knows the password for everyone else in the same heading. Given the high likelihood that many of the accounts are trolls, that means if innocent Wikipedian "you" happen to share a password with a troll, that troll knows it now. Lucky you.

    they're mostly from trolls.

    What, only "mostly"? Not a very strong assertion in the face of a potential privacy violation. C'mon, if you're gonna assert that you intend to "out" only the trolls, you need to stick to the story. Admitting that the list is "mostly" trolls is admitting that the list is "partially" innocents. Who have now been screwed.

    As the page says, "all the accounts listed on this page have been created solely for the purpose of trolling."

    Well, then, obviously there's no story. Silly us. The creator of the page says there's no innocents listed, therefore there are no innocents listed.

    In related news, Microsoft Windows is the most secure server OS EVAR!!! MS's Marketing department sed so!

    Only when that claim is disproven does the page become a worry.

    No, in a sane world, the page is a worry until the counterclaim is positively proven: that there are demonstrably no innocent user IDs on the page.

    Until then, I'm gonna watch that page and its automated incarnation (if it occurs) very carefully. I have been a moderately active Wikipedian up until now, but if I'm gonna get carpet-bombed just because I accidentally move in next door to a troll, I'll find someplace else to contribute.

    --
    Welcome to the Panopticon. Used to be a prison, now it's your home.
  4. Re:accusing the author of trolling to distract us by STrinity · · Score: 3, Insightful

    Trolls deserve nothing.

    Frankly, I don't care if they rape nuns, kill puppies for sport, and eat kittens for breakfast. You should not compromise security, even this trivially, for any reason.

    If you were so stupid as to use a common word for a password and couldn't even be bothered to do something like change it to "pass45word" then you deserve whatever happens.

    It's Wikipedia, not Amazon or PayPal. Most people don't care enough to use a strong password.

    --
    Les Miserables Volume 1 now up with my reading of