
cross-posted from: https://lemmy.world/post/1290412
While I was asleep, apparently the site was hacked. Luckily, a (big) part of the lemmy.world team is in the US, and some early birds in the EU also helped mitigate this.
As I am told, this was the issue:
- There is a vulnerability which was exploited
- Several people had their JWT cookies leaked, including at least one admin
- Attackers started changing site settings and posting fake announcements etc
Our mitigations:
- We removed the vulnerability
- Deleted all comments and private messages that contained the exploit
- Rotated JWT secret which invalidated all existing cookies
The vulnerability will be fixed by the Lemmy devs.
Details of the vulnerability are here.
Many thanks for all that helped, and sorry for any inconvenience caused!
Update: While we believe the admin accounts were what they were after, it could be that other users' accounts were compromised. Your cookie could have been 'stolen' and the hacker could have had access to your account, creating posts and comments under your name, and accessing/changing your settings (which shows your e-mail).
For this, you would have had to be using lemmy.world at that time, and load a page that had the vulnerability in it.
Why Did Lemmy World Get Hacked?
2y 11mon ago by exploding-heads.com/u/Sexypink in askexplodingheads@exploding-heads.com
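Why "rotated JWT secret" was enough to kill every stolen cookie at once: a JWT session cookie is stateless, so the server has no session table to purge; it only re-derives the HMAC signature from its secret and rejects anything that no longer matches. The snippet below is an added illustration, not lemmy.world's or Lemmy's code; it assumes an HS256 (HMAC-SHA256) token layout and uses constructed claims, issuer name and secrets.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_jwt(claims: dict, secret: bytes) -> str:
    """Mint a compact HS256 JWT: base64url(header).base64url(payload).base64url(hmac)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def verify_jwt(token: str, secret: bytes, now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if signature and expiry check out, else None (never trust the payload first)."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
            return None  # refuse "none" / algorithm-confusion headers outright
        expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None  # signature no longer reproducible with this secret
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError:  # covers malformed base64, bad JSON and wrong segment count
        return None
    current = now if now is not None else int(time.time())
    if "exp" in claims and current >= claims["exp"]:
        return None
    return claims

def rotation_demo() -> tuple:
    """Constructed scenario: a cookie minted before the incident, then the secret is rotated."""
    old_secret = secrets.token_bytes(32)
    cookie = sign_jwt({"sub": 42, "iss": "lemmy.example", "exp": int(time.time()) + 86400}, old_secret)
    valid_before = verify_jwt(cookie, old_secret) is not None
    new_secret = secrets.token_bytes(32)  # the rotation: same cookie, unchanged expiry, new key
    valid_after = verify_jwt(cookie, new_secret) is not None
    return (valid_before, valid_after)  # (True, False): expiry never mattered, the key did
```

The rejected cookie is otherwise untouched and nowhere near its `exp`, which is the point: with stateless sessions, rotating the signing key is the one lever that invalidates every outstanding token, legitimate and stolen alike, hence the forced re-login for all users.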
