6
submitted 1 year ago* (last edited 1 year ago) by dcx to c/announcements

Update: Federation and community creation are now back online!

Hey all, there's a hack floating around which spreads via federated comments and steals users' Lemmy auth tokens. Lemmy.world and other large instances have been hacked, so we're taking some precautions until this is fixed:

  • We're logging everyone out so that auth tokens reset
  • We're closing off federation and community creation until this is patched

FYI, there are no indications that anyone on our instance has been hacked. We did find ten comments with the code injection attack, which we've now scrubbed. But it's very unlikely that this will cause harm at this stage. There are several steps between this and hacking the entire instance. (Also FYI for nontechnical users, the hack affected Lemmy logins and nothing else. Web browsers run all websites in a kind of "jail")

Sorry for the inconvenience โ€“ growing pains. Updates to come as we learn more!

you are viewing a single comment's thread
view the rest of the comments
[-] ruk_n_rul 0 points 1 year ago

Thanks for the info. Hope we're safe for now. Fingers crossed, simpang malaikat 44, all that stuff.

We're seeing the pros and cons of federation in action here. A few sites went down but the fediverse survives.

Unfortunately it also shows the fallacy of one account fits all, as the account could be taken down along with the instance server or walled off when the instance defederates. You really need multiple accounts to access the various pockets of the fediverse. I have 3 now, and one's on lemmy.world ๐Ÿ˜”

this post was submitted on 10 Jul 2023
6 points (100.0% liked)

Announcements

232 readers
1 users here now

founded 2 years ago
MODERATORS