PSA: Lemmy.world has been compromised! (Edit: Multiple Instances are down)

G59@lemmy.ml to Fediverse@lemmy.ml – 433 points –

FYI!!! In case you start getting re-directed to porn sites.

Maybe the admin got hacked?


edit: lemmy.blahaj.zone has also been hacked. beehaw.org is also down, possibly intentionally by their admins until the issue is fixed.

Post discussing the point of vulnerability: https://lemmy.ml/post/1896249

GitHub issue created here: https://github.com/LemmyNet/lemmy-ui/issues/1895


lemmy.world was briefly back to normal and there had been a post saying that everything was fine now - it's not.

The site has just started doing the same thing again.

Please do not try using lemmy.world for the time being.

The post saying everything was fine now was coming from the same account that was originally compromised.

Lol so how do you expect to be notified then? You don't think they can get their account back? They'll get it back eventually.

They have multiple admins. The expectation would be for one of the non-compromised admins to make the announcement. It's a trusted channels thing.

I just got logged out of my account from Jerboa and can't log in anymore. My is completely wiped from my app now.

Edit: okay, seems the admins have taken down lemmy.world and that's probably why it happened in the app. But it's weird that it just wipes the login and data of the instance in the app... weird.

My self-hosted instance has hiccups sometimes and Jerboa just doesn't handle it super well. You can swipe away the app and reopen once the server is back and it should come right back up.

Jerboa tries to log in with session info passed to the server, if the server doesn't respond properly then it just calls you Anonymous, because it can't acquire your username and info. That's probably what's happening.

Oh, okay. Didn't know that. I expected that it saves the login information locally (encrypted) and then uses this to log in... and if there is an error, that it just says "login error" or something... with the option to retry.

It's weird that it looks like the whole login data just gets wiped. Confused me a lot since it also said Anonymous as my user etc. Really thought at first my account got hacked after all those issues.

I'm not using your app, I'm still learning Connect but ran into similar-sounding confusion. Maybe yours is acting the same way: Connect puts an option in the settings to switch which instance (.world/.ee/.ca) it's running on, and each option will show its own list of users in the app's main sidebar. I switched and thought I lost all my login info, but it was there when I switched back. I maybe wouldn't try switching to .world right now, but if that's how your app works maybe it's all still there waiting.