Warning: lemmy.world just got hacked
Warning: lemmy.world just got hacked
I would be cautious about viewing any Lemmy.world communities right now, and the Beehaw admins should make sure their credentials are locked down in case they get targeted next.
You are already defederated from them...
Just because Beehaw is defederated from this instance, that does not mean that visiting a recently compromised server will not cause your credentials to be compromised.
Read the post again. It was specifically mentioning viewing lemmy.world communities, which is not possible through beehaw.org due to defederation. All you would see is the content before defederation.
It's also possible that Beehaw's instance is vulnerable to the same XSS attack.
Why would a "foreign" instance need to know my credentials from my local instance just to allow me to browse that foreign instance?
Ah, didn't realize they were already defederated. Still, admins should be on the lookout for an attack on Beehaw.
But I'm not. I'm federated with both Beehaw and lemmy.world.
The post was posted in !support@beehaw.org by
beehaw.orguser.
They changed root folder / frontpage, if you access lemmy.world from web browser you'll be redirected somewhere
However, you still can access lemmy.world through applications
Welcome back to Beehaw!
Working fine right now.
If done via hacked admin credentials, this is a great advertisement for enabling 2FA anywhere it's supported. AIUI Lemmy is also getting support for this for user accounts soon (https://github.com/LemmyNet/lemmy/issues/2363)
Thanks for the heads-up. Password changed.
Not sure exactly how they were hacked, but if the server is still compromised then changing your password now doesn't do any good.
Looks fine to me...