• limecool
        link
        fedilink
        English
        arrow-up
        8
        ·
        1 year ago

        Not much. Just that lemmy[.]world instance was hacked

        • Redjard@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          10
          ·
          edit-2
          1 year ago

          Someone pulled off a js injection attack, where they put javascript into some comments or messages that would get executed by others seeing it in the web interface. The js sent the session cookies to the attackers, who got some admin sessions that way and took over lemmy.world for a bit. Given they only got the logged in session on the webinterface the damage was likely contained (i.e. no data stolen for example)