this post was submitted on 13 Jul 2023
1 points (57.1% liked)

Lemmy.world Support

3251 readers
54 users here now

Lemmy.world Support

Welcome to the official Lemmy.world Support community! Post your issues or questions about Lemmy.world here.

This community is for issues related to the Lemmy World instance only. For Lemmy software requests or bug reports, please go to the Lemmy github page.

This community is subject to the rules defined here for lemmy.world.

To open a support ticket Static Badge


You can also DM https://lemmy.world/u/lwreport or email [email protected] (PGP Supported) if you need to reach our directly to the admin team.


Follow us for server news ๐Ÿ˜

Outages ๐Ÿ”ฅ

https://status.lemmy.world



founded 2 years ago
MODERATORS
 

As in title. Just wanted to report this in case somehow the Lemmy.world devs somehow aren't already well aware of this. I've had a new, not detected by my email provider (so probably fresh) phishing email on the address associated with my Lemmy.world account almost daily since the hack. While there's always a possibility it was grabbed somewhere else, I assume that means the hackers grabbed the user email address's of the Lemmy.world users to flog cheaply to spammers. Not much Lemmy.world can do retrospectively but might be worth looking at ways to avoid that being as easy in the event of another lemmy software security issue (could the addresses be stored encrypted possibly?) and, if possible, confirm that this has actually happened then issue a PSA to users so they are alert to be wary of suspicious emails to the account they registered with.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] ruud 5 points 1 year ago

The only way they could have gotten your e-mail is by 'stealing' your cookie and using it to view your settings. But I think this was 1 person, and they were busy abusing the admins account they 'hijacked' so I doubt they abused any non-admin accounts. (But of course it's possible).