When logging into lemmy.world the banner now says “Israel - ni**a style” (full word unredacted) and it starts linking to lemon party and a bunch of other NSFW sites.

  • nosut
    link
    51
    edit-2
    1 year ago

    Yea. Looks like they are working on it:

    EDIT: Looks like things are starting to resolve.

    EDIT 2: MichelleG account admin was restored and she posted and update but shortly after the changes happened again. Her account is likely still compromised with someone else accessing things via it.

    EDIT 3: lemmy.world back online. MichelleG has again been removed as admin. Most things appear to have been cleaned up. Blocked instances still need to be fixed however.

      • nosut
        link
        431 year ago

        Worse. Admin account. The MichelleG account is an admin and it appears that it was compromised and is what is causing all the problems. It looks like they have removed it from admin so things wont get worse but they will likely take a bit to find and repair all the stupid little changes that were made.

        • @dragontamer
          link
          101 year ago

          The sidebar was changed.

          Obviously some javascript was installed to the frontpage that makes us redirect to lemon party (NSFW) ponographic site.

          Logo on top of the screen has changed, anti-Israel has been plastered all over the place.

          • @PabloPicasshole
            link
            81 year ago

            This is not inspiring confidence in their security. 2FA was off or was somehow circumvented.

            • @gkd
              link
              131 year ago

              If a JWT token was stolen 2FA wouldn’t matter.

            • MysticJorge
              link
              11 year ago

              Encountered that too. Would it be recommended to change passwords and logins though?

              • @PabloPicasshole
                link
                11 year ago

                We’ll see what they say but never a bad idea. Hopefully logins are encrypted and salted but I don’t use this username or password anywhere else.

                • MysticJorge
                  link
                  11 year ago

                  That’s the ideal situation. It’s been restored and I’m yet to see anything related to ‘login credentials being compromised’ or an advice to change them but as you said, it’s not a bad idea. Safety first

        • Meldroc
          link
          31 year ago

          The tasteless redirect & site-title-change seems to have gone away. The admins have retaken the site, now just cleaning up the junior edgelord’s mess.

    • @darrsilOP
      link
      21 year ago

      Not resolved, still getting redirects.

    • @Chocrates
      link
      11 year ago

      Is there a discord or something people are in?

      • nosut
        link
        31 year ago

        Not that I am aware of at least.

        • Vamp
          link
          91 year ago

          Yeah the admins have said they’re hands off and all but one person managing the world community isn’t active since ruud doesn’t check his notifications.

          Somewhat concerning tbh