171

Warning: lemmy.world just got hacked

posted
by
Avatar
darrsil@beehaw.org
in
Avatar
support@beehaw.org
45 comments
hidereport

I would be cautious about viewing any Lemmy.world communities right now, and the Beehaw admins should make sure their credentials are locked down in case they get targeted next.

Sort:
HotTopControversialNewOld
You are viewing a single thread.
View all comments View context
Avatar
Zephyrix@kbin.social
7 points
*

This was not a social engineering. It was a JavaScript injection that stole browser cookies, bypassing password changes and 2FA.

However, it seems lemmy.world was running a custom version of the UI. So it’s possible that it only affected their instance. Hard to say at this point.

permalink
report
parent
reply
Avatar
loobkoob@kbin.social
2 points

Oh, well in that case it’s a little more concerning. But I don’t expect it to be a long-term issue. It certainly isn’t a serious blow to my confidence in the security of the fediverse, that’s for sure! It being a somewhat minor breach may be a blessing, also; it means there’ll almost certainly be more of a focus on security going forward before something more serious happens.

permalink
report
parent
reply

Beehaw Support

!support@beehaw.org

Create post

Support and meta community for Beehaw. Ask your questions about the community, technical issues, and other such things here.

A brief FAQ for lurkers and new users can be found here.

Our September 2024 financial update is here.

For a refresher on our philosophy, see also What is Beehaw?, The spirit of the rules, and Beehaw is a Community

This community’s icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

 

Community stats

  • 30

    Monthly active users

  • 373

    Posts

  • 5.5K

    Comments

Community moderators