Original Post:
https://lemmy.dbzer0.com/post/536477
Title:
PSA: Lemmy.world has been compromised!
Post:
FYI!!! In case you start getting re-directed to porn sites.
Maybe the admin got hacked?
Images:
First, some random video show up, I’m not gonna watch it in case its NSFL content.
Second, the website tries to redirect me, but uBlock Origin blocked it
The Front Page
Side Bar got messed up.
Everything else seems fine, here is the signup page with the Lemmy Version visible.
Also notable comment from the Original Post:
Yea, I switched to this alt. It appears to be one of the assistant admins accts. Seems like an old fashioned anon prank, to me, they’re mainly just trying to make stuff offensive and redirect people to lemonparty.
So, y’know, old school.
I don’t know if any data is actually in danger, but I doubt it. I don’t see why assistant admins would need access to it.
Edit: Someone else said an admin’s credentials was compromised:
One of the admin accounts appears to have been compromised. The owner/other admins appear to be aware now because that account had its admin access revoked and offending posts are being removed.
Definitely opens up a big question about the security of Lemmy instances that I am sure will be discussed over the next few days.
@db0@lemmy.dbzer0.com be careful with making admins. And secure your passwords, use 2fa, etc…
Edit 2: Now the entire front page is filled with posts regarding the lemmy.world hack. Interesting…
https://i.imgur.com/VvxiphP.jpg
Edit 3: Lol a post was made from the hacked account claiming the hack was fixed, but that account is still under the hacker’s control:
well that really ruins my trust with lemmy.world… hope data isnt in danger
Edit: I now know this was a general security issue with the entirety of lemmy… not just lemmy.world, my bad.
I don’t think most of you know how shit works because you keep talking about data lmao
from the official statement from lemmy.world: “Update While we believe the admins accounts were what they were after, it could be that other users accounts were compromised. Your cookie could have been ‘stolen’ and the hacker could have had access to your account, creating posts and comments under your name, and accessing/changing your settings (which shows your e-mail).”
So yes, they very well could get my information, I dont think you know how shit works.
Data most definitely exists on the server. It has to be stored somewhere. Email is federated, too, but your inbox can certainly reach a limit of its allotted storage.
What’s a database?
Jokes aside, beehaw deferderated from them for spam/aggression reasons then this. Ouch
Granted their userbase exploded but it does seem interesting.
Also not saying they are responsible. I’m just curious if they saw the calm before the storm.
Edit: The app that I pay nothing for and have not contributed towards doesn’t allow comment editing and I had to result to the web. Lol please play the tiniest violin for me as I struggle through these hard times. 🤣🤣🤣🤣
Lol I never even used an app, I’ve been using browser since June 12.