lemmy.world and lemmy.blahaj.zone got hacked, admins in sopuli.xyz should enforce 2fa for admins and possibly disable/ look into possible injections from the community sidebar

  • ananas@sopuli.xyz
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    1 year ago

    It’s highly unlikely 2FA is enough to mitigate this kind of an attack. It’s a security vulnerability in lemmy itself, and they are stealing your access token instead of trying to log in as you.

    edit: People, please, no reason to downvote admin ACKs. Just means they’ve at least read the message, after that, it’s their instance and they’ll do as they see fit.