On January 7, the Python Software Foundation (PSF) urged users to immediately change their passwords since they had detected a breach on wiki.python.org. The attackers gained access to their servers and destroyed all the wiki data for Python, Jython and PSF.“An analysis of the incident revealed that an exploit had been planted on our servers possibly as early as July 25 2012, which allowed arbitrary execution of code under the user running the MoinMoin wiki,” PSF representatives explained.
An analysis of the attack revealed that the cybercriminals used the same exploit as the one utilized in the security breach that affected the Debian wiki back in July 25, 2012.
It appears that there were two different attackers. One used a vulnerability to upload an action plugin, and the second one leveraged it to delete the files.
On January 25, the organization managed to restore the wiki servers, but they’re currently running only in test mode. In the upcoming period, additional security measures will be implemented.