Hi everyone.
Lemmy had an XSS vulnerability and we were one of the instances attacked through this vulnerability. We had our homepage replaced by a youtube video.
The lemmy devs were quick to create a PR for this issue and we have patched our instance to fix it,
Also while I do not believe any login tokens were compromised, we have taken the additional measure of rotating our secret ket, so everyone will have to login to the site again as your existing credentials will no longer be valid.
Sorry that this happened, if you have any questions please contact @[email protected] or myself.
I haven’t logged on to instances for a week and everything is already on fire.
Looks like I missed all the fun.
i don’t use the main blahaj lemmy site so i probably would’ve not seen it anyway