Update on lemmy hack: Long story short - we're safe here.
This post is intended as a central place that admins can reference regarding the XSS incident from this morning. ### What happened? A couple of the bigger Lemmy instances had several user accounts compromised through stolen authentication cookies. Some of these cookies belonged to admins, these admi...
See post for details, but a quick tl;dr:
Malicious actors were able to inject code using an XSS (cross-site scripting) attack and steal JWT tokens for users. Any user who had their token compromised has potentially had their password and email address compromised.
This only applies to instances that have local custom emojis. Posts with custom emojis that are federated in from a remote server are not affected.
We currently have no custom emojis, so if your account is here on TTRPG.network, your account is safe.
If your account is remote to an affected server, I would recommend changing your password ASAP.