Pardon the ignorance, but how do I know if I was compromised? what do?
Lemmy.World Announcements
This Community is intended for posts about the Lemmy.world server by the admins.
Follow us for server news ๐
Outages ๐ฅ
https://status.lemmy.world
For support with issues at Lemmy.world, go to the Lemmy.world Support community.
Support e-mail
Any support requests are best sent to [email protected] e-mail.
Report contact
- DM https://lemmy.world/u/lwreport
- Email [email protected] (PGP Supported)
Donations ๐
If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.
If you can, please use / switch to Ko-Fi, it has the lowest fees for us
Join the team
This is why I've decided against running my own Lemmy instance. Too much work to have to keep up constantly with updating, too big of an attractive target for attackers.
If you run the instance only for yourself then I'd say it makes you an unattractive target. Why do a lot of work to hack an instance with one user?
But yeah, since Lemmy's code is not super mature there'll be some pains in the short term.
Interesting.
Attackers started changing site settings and posting fake announcements etc
So at least that wasn't 100% malicious, otherwise they could've kept the vuln hidden and just collect data and whatnot.
On the other hand, who cared enough about Lemmy to hack it? Weird.
With the JWT secret rotation, shouldn't everyone be forced to re-login? I'm posting with my existing session without any changes.
If I'm not from lemmy.world and visited a lemmy.world community via my home instance, does the hacker gain access to my account?
If I, while logged in to my home instance, accessed lemmy.world in another tab, does the hacker gain access to my account?
Does this hack infect devices used to access lemmy.world?
Sorry for noob questions, I'm just worried.
Rock on, Rudd.
Must have been jealous spez
Well that's just great it really is a shame though how some people would actively want to ruin something free like this just because they can.
Thanks for the transparency. Was having issues with Lemmy, now seems everything back to normal. Got a question, Just to add an extra layer of security, Do i need to use ToR or VPN with Lemmy ?
Excellent, thanks for the quick response ruud and admins.
Here's a relevant post that talked about this with @[email protected] I think is worth looking into for anyone curious what exactly happened.
https://sh.itjust.works/post/923025
please don't visit the legal section of the website or anything confirmed compromised if anything.
Thanks all working again. Had to clear my browser cache in order to login again and had to resign in to memmy too.
I guess its early days for lemmy for incidents like this, fingers crossed something like this doesn't happen again :)
It's a nice reminder that those with the skills but not the bad intentions would be welcome to look through the source code for vulnerabilities and report/patch anything they might find. :)
Thank you for taking the time to update this :) Hope everything will be sorted out without people being scared. As a layman, was any user data compromised?