I would be cautious about viewing any Lemmy.world communities right now, and the Beehaw admins should make sure their credentials are locked down in case they get targeted next.

  • Zephyrix@kbin.social
    link
    fedilink
    arrow-up
    8
    ·
    edit-2
    1 year ago

    This was not a social engineering. It was a JavaScript injection that stole browser cookies, bypassing password changes and 2FA.

    However, it seems lemmy.world was running a custom version of the UI. So it’s possible that it only affected their instance. Hard to say at this point.

    • loobkoob@kbin.social
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Oh, well in that case it’s a little more concerning. But I don’t expect it to be a long-term issue. It certainly isn’t a serious blow to my confidence in the security of the fediverse, that’s for sure! It being a somewhat minor breach may be a blessing, also; it means there’ll almost certainly be more of a focus on security going forward before something more serious happens.