ATTENTION LEMMY ADMINS: XSS VULNERABILITY NEEDS PATCHING
Details:
https://lemmy.world/post/1293336
Lemmy.world was hacked and most Lemmy servers are still vulnerable to the exploit:
https://lemmy.world/post/1290412
[posted also to @fediverse]
@liaizon @fediverse I only joined a few days ago. I suppose this means I have to alter my password?
Hi there! Looks like you linked to a Lemmy community using a URL instead of its name, which doesn’t work well for people on different instances. Try fixing it like this: !fediverse@lemmy.ml
The attack shouldn’t have exposed passwords or hashes, only the JWT cookie. The secret on the server has been changed so all old cookies should no longer work.
There is a very small possibility that email address may have been able to be seen if they logged in as you, but they were looking for admin accounts.
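
The secret rotation mentioned in the reply above, as an added example that is not part of the thread and not Lemmy's own code: a session JWT signed under the old server secret stops verifying once the secret is replaced, which also logs out every other user. HS256 signing, the claim names and all values are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def sign_jwt(claims: dict, secret: bytes) -> str:
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    signing_input = f"{header}.{body}"
    return f"{signing_input}.{b64url(mac(secret, signing_input))}"

def verify_jwt(token: str, secret: bytes):
    """Return the claims if the token verifies under `secret`, else None."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(unb64url(header_b64))
        claims = json.loads(unb64url(body_b64))
        sig = unb64url(sig_b64)
    except ValueError:  # wrong part count, bad base64, bad JSON
        return None
    # Pin the algorithm instead of trusting the token's own header.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    # Constant-time comparison against a MAC computed with the current secret.
    if not hmac.compare_digest(sig, mac(secret, f"{header_b64}.{body_b64}")):
        return None
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp <= time.time():
        return None
    return claims

def rotation_demo():
    old_secret, new_secret = secrets.token_bytes(32), secrets.token_bytes(32)
    now = int(time.time())
    claims = {"sub": 2, "iat": now, "exp": now + 3600}  # constructed session claims
    stolen = sign_jwt(claims, old_secret)        # cookie issued before the incident
    before = verify_jwt(stolen, old_secret)      # accepted while the old secret is live
    after = verify_jwt(stolen, new_secret)       # rejected once the secret is rotated
    fresh = verify_jwt(sign_jwt(claims, new_secret), new_secret)  # new login works
    return before, after, fresh

if __name__ == "__main__":
    print(rotation_demo())
```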