I'm surprised I haven't seen more posts yet about this. A rogue or compromised admin put JavaScript redirects on Lemmy.world as well as changed the name and some other things. The other admins removed the compromised admin, but then about 30 minutes later they were reinstated and started wreaking havoc again. The instance eventually went offline completely.
this post was submitted on 10 Jul 2023
91 points (98.9% liked)
Lemmy Support
4645 readers
1 users here now
Support / questions about Lemmy.
founded 5 years ago
MODERATORS
Thanks for the explanation. What terrible news...
Seems we're still in the early stages for this major happening, so I'm sure there will be more information released very shortly.
I guess this goes to show why a federated networks are important, and why people shouldn't flock to the most popular instance. Right now many communities are down because of this, while the ones that were wise enough to set up their own instances are unaffected.
people shouldn’t flock to the most popular instance
That's precisely why I joined vlemmy.net, but now that seems to be suffering some other issue and is just completely down since yesterday...
Growing pains, I suppose. Mastodon had a serious vulnerability discovered a few days ago too. Looks like the fediverse is gonna need some time to adjust to this sudden massive wave of users.
vlemmy.net seems to be permanently down.
Source?
Search around. There was a big thread about it
I have no idea what is going on. Can anyone give me a ELI5? What happened? What is it doing?
Vlemmy is also down. I wonder is it's experiencing the same thing
no that one seems to have abandoned lemmy
well that would explain the problem i had then! the error page redirected me to this community very helpfully. i was meaning to make another account on a smaller instance anyways, so not entirely bad
I deleted my .world account yesterday. Sorry if it's a stupid question, but do I have to do anything about that? If so, what?
You ruined everything! 😡
No lmao an admin account got hacked it seems
I got that much, but I don't understand anything else. JavaScript injection? Is someone going to steal my deleted account or is that not possible?
From what I've read, links were redirecting to "shock" websites. It's more of an old-internet Rick roll, but with gore type content instead of a silly music video. I don't think we have to worry about data, but we'll learn more in the next hour(s).
Thanks for the explanation!
On another post they showed it was stealing browser cookies, so your login information for any site you're logged into could be compromised. Definitely not a prank
So how does that effect a deleted account?
view more: next ›