We know an issue occurred on the site over an hour ago with someone using my account to redirect the site, make fake posts, and change other settings. The problem has been corrected.

We will continue to monitor the situation and keep you informed.

  • Madbrad200
    link
    English
    781 year ago
    1. how did this happen
    2. what steps are being taken to ensure it doesn’t happen again
    3. was any personal data compromised for users?
    • Vamp
      link
      English
      421 year ago

      don’t turn into reddit admins now, please answer this lol

      • @dezmd
        link
        English
        461 year ago

        Give them some time to investigate maybe?

        • AlmightySnoo 🐢🇮🇱🇺🇦
          link
          English
          30
          edit-2
          1 year ago

          Here’s what I think happened: https://lemmy.world/comment/1059957

          Basically it’s Javascript that was injected in the main sidebar. That means that Lemmy doesn’t escape HTML in the main sidebar (what about community sidebars?) and that Lemmy devs need to prioritize a security audit of the whole code base right now, I did this kind of shit when I was a kid and it’s just insane that Lemmy has this vulnerability, this was not some sophisticated hack.

          What it also means is that it’s very unlikely that any personal data was compromised.

          • @Onlycats
            link
            English
            31 year ago

            It’s looks like an admin account got compromised.

            • AlmightySnoo 🐢🇮🇱🇺🇦
              link
              English
              111 year ago

              Yes that’s what allowed them to modify the contents of the sidebar, but the more serious problem is that you can put HTML in the sidebar and it won’t be escaped by the Lemmy backend. That’s what allowed this JavaScript redirection.

              • deweydecibel
                link
                English
                9
                edit-2
                1 year ago

                Should also be pointed out the admin is evidently still compromised. The one that posted this thread.

                • AlmightySnoo 🐢🇮🇱🇺🇦
                  link
                  English
                  41 year ago

                  I’m opening Pandora’s box: what if all sidebars, not just the main one, have this vulnerability? An admin account being compromised will be the least of our worries if this is the case.

          • trouser_mouse
            link
            English
            31 year ago

            If you are right do you know what are the potential impacts of the vulnerability, what could a malicious individual do?

            Hopefully not handling this many users without a comprehensive security audit!

            • AlmightySnoo 🐢🇮🇱🇺🇦
              link
              English
              51 year ago

              Cookies were likely obtained too, so they could have logged into your account using those cookies and gotten your email address or posted something with your account, but I think it’s more likely they prioritized admin accounts as they were also sending a flag indicating whether the account is an admin or not. Ruud’s has invalidated those cookies a while ago so they’re worthless now and the hacker can’t use them to log in. See ruud’s announcement.

        • @klyde
          link
          English
          41 year ago

          Hope you got that energy for the rest of Lemmy instances because they’re all the same

      • @Onlycats
        link
        English
        101 year ago

        Aviate, navigate, comunícate… Give them time to solve the issue.

    • @klyde
      link
      English
      -81 year ago

      What personal data did you give Lemmy? Lol. And if you’re going to question lemmy.world then head over to every other instance and take your stance there too.

      • Madbrad200
        link
        English
        131 year ago

        I don’t use other instances, I use lemmy.world. Questioning why and how a major instance got hacked isn’t an outlandish line of questioning; I need to know whether this will continue to be a safe, reliable, and secure instance to use otherwise I and presumably others will go elsewhere. This was relatively minor in the grand scheme of things, so hopefully it’ll be enough to prompt a fix for whatever caused it (seems like it was possibly insecure code not correctly sanitising HTML).

        • trouser_mouse
          link
          English
          11 year ago

          You’re absolutely spot on, it will be important to hear what happened and how and why. If an admin account was compromised, that’s not a good reflection on the security and related practices of this instance.