this post was submitted on 10 Jul 2023
3280 points (99.3% liked)

Lemmy.World Announcements

29199 readers
3 users here now

This Community is intended for posts about the Lemmy.world server by the admins.

Follow us for server news ๐Ÿ˜

Outages ๐Ÿ”ฅ

https://status.lemmy.world/

For support with issues at Lemmy.world, go to the Lemmy.world Support community.

Support e-mail

Any support requests are best sent to info@lemmy.world e-mail.

Report contact

Donations ๐Ÿ’—

If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.

If you can, please use / switch to Ko-Fi, it has the lowest fees for us

Ko-Fi (Donate)

Bunq (Donate)

Open Collective backers and sponsors

Patreon

Join the team

founded 2 years ago
MODERATORS
 

While I was asleep, apparently the site was hacked. Luckily, (big) part of the lemmy.world team is in US, and some early birds in EU also helped mitigate this.

As I am told, this was the issue:

  • There is an vulnerability which was exploited
  • Several people had their JWT cookies leaked, including at least one admin
  • Attackers started changing site settings and posting fake announcements etc

Our mitigations:

  • We removed the vulnerability
  • Deleted all comments and private messages that contained the exploit
  • Rotated JWT secret which invalidated all existing cookies

The vulnerability will be fixed by the Lemmy devs.

Details of the vulnerability are here

Many thanks for all that helped, and sorry for any inconvenience caused!

Update While we believe the admins accounts were what they were after, it could be that other users accounts were compromised. Your cookie could have been 'stolen' and the hacker could have had access to your account, creating posts and comments under your name, and accessing/changing your settings (which shows your e-mail).

For this, you would have had to be using lemmy.world at that time, and load a page that had the vulnerability in it.

(page 10) 50 comments
sorted by: hot top controversial new old
[โ€“] jpants@lemmy.fmhy.ml 2 points 2 years ago

I see you, Imposter.

[โ€“] BugleFingers@lemmy.world 2 points 2 years ago

Because I am obsessed with bugles, any comment or post I make that does not manage to fit bugles in somewhere (because I always have room for bugles) will be an imposter!

Thank you for the transparency and keeping my nefarious bugle consumption private!

[โ€“] medvedev@lemmy.world 2 points 2 years ago

thanks to admin team for resolving that quickly

[โ€“] gabriele97@lemmy.g97.top 2 points 2 years ago (1 children)

How are you preventing it to happen again until a patch is released from devs?

load more comments (1 replies)
[โ€“] chokidar@lemmy.world 2 points 2 years ago

Well done on acting on it so quickly. I think I did see some of the fake announcements you were referring too but were taken down very quickly. Keep up the good work team and thanks for everything you are doing!

[โ€“] Rooki@lemmy.world 2 points 2 years ago* (last edited 2 years ago) (1 children)

Is there a rough time range when it happened? and any news about other big instances like lemmy.ml? Are those safe? Currently they are not on the same version as lemmy.world.

load more comments (1 replies)
[โ€“] sheetmysharts@lemmy.world 2 points 2 years ago

Thanks to everyone involved for the quick response ๐Ÿ‘

[โ€“] weeahnn@lemmy.blahaj.zone 2 points 2 years ago (1 children)

is that why I can't log into my lemmy.world account?

[โ€“] weeahnn@lemmy.world 2 points 2 years ago

ok not a problem anymore. seems like I just had to clear my cache and it let me log in

[โ€“] Noedel@lemmy.world 2 points 2 years ago (1 children)

Is this why I had to sign in and out of my account on liftoff?

I couldn't comment untill I did that. There may be others!

load more comments (1 replies)
[โ€“] downpunxx@lemmy.world 2 points 2 years ago

******* This happened to me, one of my posts had it's photo deleted (I didn't delete it), then when I replaced it, the next time I checked the entire post had been deleted.

[โ€“] mourkeer@lemmy.world 2 points 2 years ago (1 children)

I lost some of my post history. Is there a data issue that's come from this? Why are my comments gone?

[โ€“] pgetsos@kbin.social 2 points 2 years ago (1 children)

If it is only recent post history, maybe it was purged along with many malicious comments/posts

[โ€“] mourkeer@lemmy.world 2 points 2 years ago

I know but this was over a week of comments lost.

[โ€“] binary45@lemmy.world 1 points 2 years ago (2 children)

Is that why I got logged off?

load more comments (2 replies)
[โ€“] sma3in@lemmy.world 1 points 2 years ago

that is why I got logged off from my account this morning!! impressed by the rapid intervention!! Good job lemmy team!

[โ€“] coconutxyz@lemmy.world 1 points 2 years ago (2 children)

lemmy explorer still acting kinda funny, not sure who is the person in charge to inform

load more comments (2 replies)
[โ€“] xortingen@lemmy.world 1 points 2 years ago

Thanks for the quick response. Do we know if there was any data leak?

[โ€“] mayo@lemmy.world 1 points 2 years ago (1 children)

Had an issue at work not long ago involving stolen tokens and back then it looked as if the token was scraped along with a lot of other web traffic and then about 12 days later they gained access.

[โ€“] ruud@lemmy.world 2 points 2 years ago

Luckily the tokens have been invalidated by updating the secret

[โ€“] mayo@lemmy.world 1 points 2 years ago

Been busy for lemmy team lately hopefully it's not too much

[โ€“] ext23@aussie.zone 1 points 2 years ago (1 children)

So is it safe to log back in?

load more comments (1 replies)
[โ€“] tobier@lemmy.world 1 points 2 years ago

Thanks for being open about this and quick to fix it!

[โ€“] Atiran@lemm.ee 1 points 2 years ago

One of the reasons I used a throwaway email here.

load more comments
view more: โ€น prev next โ€บ