Lemmy.World Announcements

29066 readers

3 users here now

This Community is intended for posts about the Lemmy.world server by the admins.

Follow us for server news 🐘

Outages 🔥

https://status.lemmy.world

For support with issues at Lemmy.world, go to the Lemmy.world Support community.

Support e-mail

Any support requests are best sent to [email protected] e-mail.

Report contact

DM https://lemmy.world/u/lwreport
Email [email protected] (PGP Supported)

Donations 💗

If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.

If you can, please use / switch to Ko-Fi, it has the lowest fees for us

Join the team

founded 1 year ago

MODERATORS

118

Lemmy.world Site Redirects and More Removed (self.lemmyworld)

submitted 1 year ago by MichelleG to c/lemmyworld

93 comments fedilink hide all child comments

We know an issue occurred on the site over an hour ago with someone using my account to redirect the site, make fake posts, and change other settings. The problem has been corrected.

We will continue to monitor the situation and keep you informed.

you are viewing a single comment's thread
view the rest of the comments

[–] trouser_mouse 3 points 1 year ago (1 children)

If you are right do you know what are the potential impacts of the vulnerability, what could a malicious individual do?

Hopefully not handling this many users without a comprehensive security audit!

[–] AlmightySnoo 5 points 1 year ago

Cookies were likely obtained too, so they could have logged into your account using those cookies and gotten your email address or posted something with your account, but I think it's more likely they prioritized admin accounts as they were also sending a flag indicating whether the account is an admin or not. Ruud's has invalidated those cookies a while ago so they're worthless now and the hacker can't use them to log in. See ruud's announcement.