PSA: Lemmy.world has been compromised! (Edit: Multiple Instances are down)

Fediverse@lemmy.ml – 433 points – 1 years ago

FYI!!! In case you start getting re-directed to porn sites.

Maybe the admin got hacked?

edit: lemmy.blahaj.zone has also been hacked. beehaw.org is also down, possibly intentionally by their admins until the issue is fixed.

Post discussing the point of vulnerability: https://lemmy.ml/post/1896249

Github Issue created here: https://github.com/LemmyNet/lemmy-ui/issues/1895

You are viewing a single comment

View all comments Show the parent comment

I like KeePass. Bitwarden currently has an nginx exposure in the Dockerfile published in their git repo (may have been fixed since a couple of days ago). That said, I used Bitwarden for many years and switched out of an abundance of paranoia, and am definitively not recommending against it. Just basically use one of the following:

Bitwarden
KeePass
1password

And stay far the fuck away from LastPass

my uni is currently still recommending lastpass as of now, tho I’ve heard they might be looking for alternatives …

LastPass has had a few security incidents lately. I do not trust them at all.

This was not the first and it won't be the last. They've had issues going as far back as 2015. Don't keep your credentials with a paid platform. Use something you can fully audit and control yourself like Bitwarden or KeePass

Let your classmates know that last pass has semi permanently damaged their trustworthiness by trying to hide a security breach, and then downplaying the severity of the breach, and that your University's security recommendations are intrinsically suspect as a result

I don't know that 1password should be on that list. The first two are free and open source. The last one is paid and proprietary.

Don't put your credentials in the hand of a company that requires you to trust them to not fuck up. Everyone thought LastPass was great until they weren't

KeePass +1