I just wanted to inform you all that some other instances got hacked during the night.
It appears to have something to do with a vulnerability regarding custom emojis, but I am not sure about the exact details, as I am not that knowledgeable about coding.
I don’t know if this instance is affected by this, but even some that are not have taken preventive measures and logged everyone out to renew the login token, as the hack stole it and used it to spread harmful and disturbing posts.
I don’t think this instance uses custom emoji, and discussion around this Lemmy issue suggests that federated content containing the emojis would probably not be vulnerable to this XSS exploit.
There is a release candidate out for lemmy-ui with a fix now. There may be more updates coming, as it seems that some more security hardening may need to be worked on.

I honestly have no idea if we do or not. But I am on another instance that doesn’t have them, and it decided to log everyone out and try to fix it anyway, just to be on the safe side.
So I figured it was better to let people on here know, so that the people in charge can decide if action needs to be taken or not, and so we aren’t caught with our pants down.
I agree. Thank you for sharing this news here.