User talk:Surjection

Hello, we are sending this message to inform you that your account was one of 97 registered Wikimedia accounts affected by malicious code as part of a recent security incident. This occurred only because you visited Meta-Wiki at a specific time.

This incident was caused by a malicious user script "worm" that was unintentionally activated during a security review by the Wikimedia Foundation staff. The worm modified MediaWiki:Common.js, causing Meta-Wiki visitors to edit or delete various pages during the approximately 23 minutes that this worm was operational.

We have analyzed the malicious user script and reviewed our internal and public logs. We have found no evidence that your account credentials were compromised, or that your account was used to conduct any other actions on Wikimedia projects besides editing or deleting random pages. We have no reason to believe that Wikipedia was under attack, or that any information about your account was breached as part of this incident.

All edits caused by the script have been reverted, and the deleted pages have been restored.

We apologize for any disruption this incident caused you, and are working to prevent this kind of incident from happening again. You can learn more about that security work, and further details about this incident, on our project page.

Regards, on behalf of the Wikimedia Foundation Product Safety and Integrity team, SGrabarczuk (WMF) (talk) 17:18, 26 March 2026 (UTC)Reply