Concerns were posted a few days ago, but no POC that used the exact same attack as we saw here. Basically, there were some warnings, and work was underway that would have prevented this, but it was not done fast enough. There is a patch now, that will take a while to roll out, plus a renewed focus on general and related issues.
hawkwind
joined 1 year ago
Don't fall for it. They're also an admin on mastodon.world! :)
They defaced it with dicks and changed the federation list to be only threads.net. I don't think it was a state sponsored chinese hacking group. :)
That, is actually kind of fascinating and may be important info for someone doing a follow-up investigation. If that was the bad actor phishing for moderation access, why would they need that, when they already had an admin account? If it was legit, then it's super sus. whoever this app developer was needs to have a little light shone on them.
TBF, at least you're doing something.
You do you. I would tell my users I have no idea what's going on, and definitely not say "using your open tabs is probably fine."
That makes more sense.
I think this carrying on without providing more information is reckless. Does an actual admin from this instance really know what happened or are you just taking a bunch of random commentary and speculation as gospel then telling the users "we're good."
So any comment or post?
We've changed our name to Israel. - The Admins.
True that. If you look at posts on lemmy.world though, it's clear their users (which is like 50% of Lemmy) have zero clue they're defederated ATM, and probably many that don't know it's compromised.
Out of curiosity, where would the regulators go for a case like this? There's no "company" running it per. se.