Account compromises are an issue that every organization with user accounts has to deal with and mitigate. Depending on the level of privileged access a compromised account has, it is possible that it could cause severe damages to the individual and organization. One site where an account compromise could have potentially significant impacts would be Wikipedia, a free online encyclopedia with information about almost everything. Therefore, the accuracy and reputation of the site is crucial to its success. Administrators on the site have the ability to perform many different actions on the site itself as well as other users. If a threat actor were to get access to an administrator’s account, they could cause damage to Wikipedia as a whole as well as to the reputation of the user. When Wikipedia was first started in 2001, when a user account was promoted to a privileged administrator role, they were an “administrator for life”. However, in June 2011, the community changed the policy where an administrator could have their privileges revoked if they were inactive for at least 12 months.. This study explores two questions. First, we analyze the log data to determine key indicators of a compromise. Using this information, we then seek to use a natural experiment to better understand the effects of the inactive privileged account revocation policy on account compromises. By answering these questions, we will gain a better understanding of how this type of policy improves the security of large open source web based communities.
Kaufman, Jonathan and Kreider, Christopher, "ACCOUNTS THAT NEVER EXPIRE: AN EXPLORATION INTO PRIVILEGED ACCOUNTS ON WIKIPEDIA" (2022). SAIS 2022 Proceedings. 39.