Lemmy.World Announcements
This Community is intended for posts about the Lemmy.world server by the admins.
Follow us for server news ๐
Outages ๐ฅ
https://status.lemmy.world/
For support with issues at Lemmy.world, go to the Lemmy.world Support community.
Support e-mail
Any support requests are best sent to info@lemmy.world e-mail.
Report contact
- DM https://lemmy.world/u/lwreport
- Email report@lemmy.world (PGP Supported)
Donations ๐
If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.
If you can, please use / switch to Ko-Fi, it has the lowest fees for us
Join the team
With the JWT secret rotation, shouldn't everyone be forced to re-login? I'm posting with my existing session without any changes.
Thank you for taking the time to update this :) Hope everything will be sorted out without people being scared. As a layman, was any user data compromised?
I noticed this morning for a small amount of my posts with pictures, maybe 5-10%, the pictures were deleted or missing. Not sure if this is related to the incident.
It seems there is no way in Lemmy to invalidate all your session cookies? Without that, how can you secure an account which has a stolen session cookie?
Excellent, thanks for the quick response ruud and admins.
Here's a relevant post that talked about this with @AlmightySnoo@lemmy.world I think is worth looking into for anyone curious what exactly happened.
https://sh.itjust.works/post/923025
please don't visit the legal section of the website or anything confirmed compromised if anything.
Interesting.
Attackers started changing site settings and posting fake announcements etc
So at least that wasn't 100% malicious, otherwise they could've kept the vuln hidden and just collect data and whatnot.
On the other hand, who cared enough about Lemmy to hack it? Weird.
On the other hand, who cared enough about Lemmy to hack it? Weird.
This one: https://lemmy.world/u/LMAO
Had to re-login in the Connect app