DWG username impersonation

A mapper was able to rename their account to an identical username used by DWG for repairs, allowing them to revert dozens of changesets and remove the Russian language from OSM with a concerning message.

I’m not sure how this was possible, but it raises questions about account security. Is there a way to prevent this from happening again?

I must admit, I was taken aback to think that such changesets could have been initiated by someone affiliated with DWG.

I am equally shocked that the user only received a 24-hour block for their actions. This behavior should not be tolerated, and in my opinion, a user ban and automatic reversion of all changesets would have been more appropriate.

Given the scale of these changesets across the world, I anticipate there will be many comments and discussions about this today which could have been avoided.

37 posts - 17 participants

Read full topic

Ce sujet de discussion accompagne la publication sur https://community.openstreetmap.org/t/dwg-username-impersonation/101212