Wikipedia temporarily disabled editing after a malicious script was discovered, causing page deletions and a Russian message. The code was inactive for nearly two years before activation.
© E. Vartanyan
The Wikimedia Foundation has temporarily disabled editing capabilities for Wikipedia and related projects after discovering malicious JavaScript code. Users noticed suspicious activity: the script could delete pages and leave a message in Russian saying "Closing the project" in edit descriptions.
The malicious file was linked to the WMFOffice account. It used the administrator extension Special:Nuke for mass page deletion, selecting materials at random. The script also attempted to add a non-existent image. As it turned out, the code was uploaded back in March 2024 and remained inactive for nearly two years.
The incident occurred during an internal review of user scripts: security specialists accidentally activated the "sleeping" file, quickly recognized the threat, and switched the sites to read-only mode. According to the foundation, the code was active for only 23 minutes, during which it managed to make some changes, but serious damage was avoided—materials are already being restored.
Wikimedia emphasized that the vulnerability has been fixed and protective measures will be strengthened to prevent similar cases in the future. The user who presumably uploaded the test.js file has been blocked.