Hello, wikians, you should probably be aware of this: http://community.wikia.com/wiki/Thread:890734
CNN version as far as I understand it:
- Somebody used .js to read people's passwords from the login form on every page, so Wikia did an emergency shutdown of all .js
- something about $('#passwordInput').val()
- Community agrees that having the login form on every page is pretty much stupid (security-wise) and unnecessary
- Community also agrees 2fa is a good idea (https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm)
- like the e-mail authentication when you log in from a new device or something
- Wikia is hesitant about putting in 2fa because of making the registration process more complicated and pushing away new users
- "For instance, 2FA is totally something that would strengthen security. But it would also cause more log in issues and maybe detract some people from joining Wikia. The more steps you put in the registration process, the more likely it is for someone to feel it's not worth it (and joining Wikia is worth it!)"
- community thinks that's bullshit >.>
Only a handful of wikis were attacked (ours was not one of them), and the attack would only affect you if you manually typed in your password. So if you logged in via our wiki, have your browser auto-fill the password field, or just haven't manually logged in in the past forever and a day, you're probably fine.
However, it might still be prudent to change your passwords as a precautionary measure.
If this security issue concerns you at all, please change your passwords. Thank you for your attention.