Someone pulled off a js injection attack, where they put javascript into some comments or messages that would get executed by others seeing it in the web interface. The js sent the session cookies to the attackers, who got some admin sessions that way and took over lemmy.world for a bit. Given they only got the logged in session on the webinterface the damage was likely contained (i.e. no data stolen for example)
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
Rules:
Be civil and nice.
Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.
Not much. Just that lemmy[.]world instance was hacked
Someone pulled off a js injection attack, where they put javascript into some comments or messages that would get executed by others seeing it in the web interface. The js sent the session cookies to the attackers, who got some admin sessions that way and took over lemmy.world for a bit. Given they only got the logged in session on the webinterface the damage was likely contained (i.e. no data stolen for example)