Administration from Debian and Python project official websites confirmed that their WIKI servers were compromised by some unknown hackers recently. Hackers was able to hack because of several vulnerabilities in βmoinβ package.
According to Brian Curtin at Python Project, Hacker user some unknown remote code exploit on Python Wiki server (https://wiki.python.org/) and was able to get shell access. The shell was restricted to βmoinβ user permissions, where but no other services were affected. Attacker deleted all files owned by the βmoinβ user, including all instance data for both the Python and Jython wikis.
Python Software Foundation encourages all wiki users to change their password on other sites if the same one is in use elsewhere. For now, Python Wiki is down and team is investigating more about breach.
Where as in Debian Wiki (https://wiki.debian.org/) security breach, user use some known vulnerabilities Directory traversal (CVE-2012-6080, CVE-2012-6495), Multiple unrestricted file upload vulnerabilities (CVE-2012-6081), Cross-site scripting (XSS) vulnerability (CVE-2012-6082).
Luca from Debian also mention,βWe have reset all password hashes and sent individual notification to all Debian wiki account holders with instructions on how to recover their passwordsβ.
In case of Debian, hacker compromise only βwikiβ user and have captured the email addresses and corresponding password hashes of all wiki editors. βThe attacker(s) were particularly interested in the password hashes belonging to users of Debian, Intel, Dell, Google, Microsoft, GNU, any .gov and any .edu.β
Both servers was compromised in December 2012, but it is not clear yet that same hacker do both hacks or not.