Lemmy.world is compromised
Lemmy.world is compromised
They been redirecting to lemon party and some weird video. Do not go to the website. This is the admin that been hacked:
EDIT: lemmy.blahaj.zone also compromised!
39 comments
-
Out of precaution we will defederate from lemmy.world until this is resolved.
Edit: Lemmy.world has resolved the issue
-
-
Thank you for the heads up that it's fixed.
-
Although requiring 2FA, for all admins on your instance seems appropriate.
To my knowledge we all have 2FA enabled. Will confirm.
-
-
I appreciate the proactivity/precaution!
-
It's unresolved.
-
It is once again comprised
-
Have they resolved it? I can't comment there, or is that from this instance defederating from them? I don't have my lemmy.world account on this app
-
We believe they have resolved it but we will remain defederated overnight.
-
-
-
And this is why you use a password manager whenever you make new accounts on the internet.
If you had an account on the Lemmy.world website you need to change your password.
-
It's still compromised, right now it's showing text that says site seized by reddit for copyright infringement. Lol. Jerboa is just showing Lemmy World heads
-
*infringment
-
-
The page redirects is named Israel and it redirects to blank page with "This site was seized by Reddit for copyright infringement". So no, they don't have control yet.
-
Lemonparty! Now that's a name I haven't heard in ages 🍋🍋🍋👴
-
I am glad I’m on programming.dev for lemmy, but this could’ve happened to anyone. Hope nothing catastrophic happens
-
First vlemmy now this? what the fuck is going on?
-
this feels too intentional with two big servers in this short time frame icl
-
Reddit gotta do what Reddit gotta do to keep their IPO alive
-
-
-
Looks like it’s gonna be a bit really put a lid on this, but I guess another sign why this is a good system?
-
I was about to make a thread. Quite the bummer.
-
Thanks for the heads-up. Password changed.
-
I logged on and was like wtf because the site still works. Thought my phone was hacked heh
-
Yeah... I caught all that. Glad to see that they fixed it already though. Rough day for Rudd.
-
Is there a way to not do email verification but still using 2FA? That way, even if a user's account is somehow phished/compromised, it won't compromise their other accounts.
-
I just successfully set up 2FA for an account on another instance that doesn't have a verified email without any issues, so there's no need to have done email verification to use 2FA.
-
Absolutely you can do no phone/email and MFA. It's a TOTP thing like Google or Microsoft authenticator. The service doing the authentication has no idea how it's done on the other side, it just makes sure the codes match.
-
-
Bummer.
-
Man, after all that commenting and stuff I did... :(
-
Guys, the new Israel lemmy instance has a lot of content I like, but some images I don't agree with. should we defederate?
-
I don't think you realize what happened. The entire instance got fucked, it wasn't just some posts someone didn't like.
-
I was trying to by funny. :(
-
-
-
-
@mutant@kbin.social Grand, they're all tankies.
-
That's .ml admins
-
-
39 comments