PSA: Lemmy.world has been compromised! (Edit: Multiple Instances are down)
PSA: Lemmy.world has been compromised! (Edit: Multiple Instances are down)
FYI!!! In case you start getting re-directed to porn sites.
Maybe the admin got hacked?
edit: lemmy.blahaj.zone has also been hacked. beehaw.org is also down, possibly intentionally by their admins until the issue is fixed.
Post discussing the point of vulnerability: https://lemmy.ml/post/1896249
Github Issue created here: https://github.com/LemmyNet/lemmy-ui/issues/1895
You're viewing a single thread.
lemmy.blahaj.zone got hacked too, looks like the same people
They also changed the allowed/blocked instances to allow threads.net and defederate lemmy.ml, just like they did on lemmy.world: https://lemmy.blahaj.zone/instances
Huh... so this probably is more sophisticated than a single acct breach then. Lovely.
Yeah, I'd recommend any server admin that doesn't have 2FA turn it on ASAP until we know what their exploiting
Looks like the accounts were compromised by stealing their cookie - something 2FA can't stop.
Still should have it on, though.
blahaj admins are aware and have the site down with a splash screen now
Links to this video: https://www.youtube.com/watch?v=Z1K4BUtHsO4
Yup they must of just put that up after I posted and @ the admins