I would be cautious about viewing any Lemmy.world communities right now, and the Beehaw admins should make sure their credentials are locked down in case they get targeted next.

  • loobkoob@kbin.social
    link
    fedilink
    arrow-up
    26
    ·
    edit-2
    1 year ago

    Surely it’s not really any different to any other website’s admin having their account hacked/their password socially engineered? It’s not an inherent flaw in the fediverse as a whole, just a human issue.

    EDIT: see @Zephyrix’s comment below. It was a security flaw.

    • Zephyrix@kbin.social
      link
      fedilink
      arrow-up
      9
      ·
      edit-2
      1 year ago

      This was not a social engineering. It was a JavaScript injection that stole browser cookies, bypassing password changes and 2FA.

      However, it seems lemmy.world was running a custom version of the UI. So it’s possible that it only affected their instance. Hard to say at this point.

      • loobkoob@kbin.social
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        Oh, well in that case it’s a little more concerning. But I don’t expect it to be a long-term issue. It certainly isn’t a serious blow to my confidence in the security of the fediverse, that’s for sure! It being a somewhat minor breach may be a blessing, also; it means there’ll almost certainly be more of a focus on security going forward before something more serious happens.