Lemmy.world is compromised

Kururin@talk.kururin.tech · edit-2 2 年前

Lemmy.world is compromised

TruckBC@lemmy.ca · edit-2 2 年前

Out of precaution we will defederate from lemmy.world until this is resolved.

Edit: Lemmy.world has resolved the issue

dampfnudel@lemmy.zip · edit-2 2 年前

deleted by creator

TruckBC@lemmy.ca · 2 年前

Thank you for the heads up that it’s fixed.

TruckBC@lemmy.ca · 2 年前

Although requiring 2FA, for all admins on your instance seems appropriate.

To my knowledge we all have 2FA enabled. Will confirm.

durablenapkin@lemmy.ca · 2 年前

I appreciate the proactivity/precaution!

Roggie@lemmy.zip · 2 年前

It is once again comprised

hawkwind@lemmy.management · 2 年前

It’s unresolved.

remotedev@lemmy.ca · 2 年前

Have they resolved it? I can’t comment there, or is that from this instance defederating from them? I don’t have my lemmy.world account on this app

TruckBC@lemmy.ca · 2 年前

We believe they have resolved it but we will remain defederated overnight.

bioemerl@kbin.social · 2 年前

And this is why you use a password manager whenever you make new accounts on the internet.

If you had an account on the Lemmy.world website you need to change your password.

Tugboater203@kbin.social · 2 年前

It’s still compromised, right now it’s showing text that says site seized by reddit for copyright infringement. Lol. Jerboa is just showing Lemmy World heads

☆Luma☆@lemmy.ca · 2 年前

*infringment

Anon819450514@lemmy.ca · 2 年前

The page redirects is named Israel and it redirects to blank page with “This site was seized by Reddit for copyright infringement”. So no, they don’t have control yet.

AnonymousLlama@kbin.social · 2 年前

Lemonparty! Now that’s a name I haven’t heard in ages 🍋🍋🍋👴

solarzones@kbin.social · 2 年前

I am glad I’m on programming.dev for lemmy, but this could’ve happened to anyone. Hope nothing catastrophic happens

thundercunt@lemm.ee · 2 年前

First vlemmy now this? what the fuck is going on?

thundercunt@lemm.ee · edit-2 2 年前

this feels too intentional with two big servers in this short time frame icl

zephyreks@lemmy.ca · 2 年前

Reddit gotta do what Reddit gotta do to keep their IPO alive

Izzy@lemmy.one · 2 年前

I was about to make a thread. Quite the bummer.

sykccc@lemmy.ca · 2 年前

Looks like it’s gonna be a bit really put a lid on this, but I guess another sign why this is a good system?

PenguinTD@lemmy.ca · 2 年前

Is there a way to not do email verification but still using 2FA? That way, even if a user’s account is somehow phished/compromised, it won’t compromise their other accounts.

TruckBC@lemmy.ca · 2 年前

I just successfully set up 2FA for an account on another instance that doesn’t have a verified email without any issues, so there’s no need to have done email verification to use 2FA.

elscallr@kbin.social · 2 年前

Absolutely you can do no phone/email and MFA. It’s a TOTP thing like Google or Microsoft authenticator. The service doing the authentication has no idea how it’s done on the other side, it just makes sure the codes match.

V699@kbin.social · 2 年前

I logged on and was like wtf because the site still works. Thought my phone was hacked heh

ihavenopeopleskills@kbin.social · edit-2 2 年前

Thanks for the heads-up. Password changed.

mintiefresh@lemmy.ca · 2 年前

Yeah… I caught all that. Glad to see that they fixed it already though. Rough day for Rudd.

FARTYSHARTBLAST@sh.itjust.works · 2 年前

Bummer.

takina_soldpairtm@kbin.social · 2 年前

Man, after all that commenting and stuff I did… :(