• limecool
      link
      fedilink
      English
      arrow-up
      8
      ·
      1 year ago

      Not much. Just that lemmy[.]world instance was hacked

      • Redjard@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        10
        ·
        edit-2
        1 year ago

        Someone pulled off a js injection attack, where they put javascript into some comments or messages that would get executed by others seeing it in the web interface. The js sent the session cookies to the attackers, who got some admin sessions that way and took over lemmy.world for a bit. Given they only got the logged in session on the webinterface the damage was likely contained (i.e. no data stolen for example)