This was not a social engineering. It was a JavaScript injection that stole browser cookies, bypassing password changes and 2FA.
However, it seems lemmy.world was running a custom version of the UI. So it’s possible that it only affected their instance. Hard to say at this point.
This was not a social engineering. It was a JavaScript injection that stole browser cookies, bypassing password changes and 2FA.
However, it seems lemmy.world was running a custom version of the UI. So it’s possible that it only affected their instance. Hard to say at this point.