Blåhaj Lemmy hacked - eviltoast

Hi everyone.

Lemmy had an XSS vulnerability and we were one of the instances attacked through this vulnerability. We had our homepage replaced by a youtube video.

The lemmy devs were quick to create a PR for this issue and we have patched our instance to fix it,

Also while I do not believe any login tokens were compromised, we have taken the additional measure of rotating our secret key, so everyone will have to login to the site again as your existing credentials will no longer be valid.

If login fails to work properly, you may have to clear your cookies for the site… it seems to get confused about whether you’re logged in or not.

Sorry that this happened, if you have any questions please contact @ada@lemmy.blahaj.zone or myself.

blobcat, heart

  • Liam Galt@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    I had to completely reset my password to be able to log in, but I’m unable to log in anywhere except for where I reset my password. I’ve cleared my cache/cookies, I’ve cleared all data for any Lemmy apps I have, but it still doesn’t work. Any suggestions?

    • moonsnotreal@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      I’m having the same issue, I can only log in on firefox, nowhere else. I’ve cleared cookies for my other browsers and cleared the data for jerboa.