We know an issue occurred on the site over an hour ago with someone using my account to redirect the site, make fake posts, and change other settings. The problem has been corrected.

We will continue to monitor the situation and keep you informed.

  • trouser_mouse
    310 months ago

    If you are right, do you know what the potential impacts of the vulnerability are? What could a malicious individual do?

    Hopefully not handling this many users without a comprehensive security audit!

    • AlmightySnoo 🐢🇮🇱🇺🇦
      510 months ago

      Cookies were likely obtained too, so they could have logged into your account using those cookies and gotten your email address or posted something with your account, but I think it’s more likely they prioritized admin accounts, as they were also sending a flag indicating whether the account is an admin or not. Ruud invalidated those cookies a while ago, so they’re worthless now and the hacker can’t use them to log in. See ruud’s announcement.