lemmy.world and lemmy.blahaj.zone got hacked, admins in sopuli.xyz should enforce 2FA for admins and possibly disable/look into possible injections from the community sidebar

  • allywilson
    1 year ago

    Depends on the exploit really, but if they have admin access they have access to the info in your profile, so probably know your email address. I don’t know enough about the backend infra to be sure, but I doubt Lemmy stores passwords in plain text in DBs, etc., and although they have admin access, they probably don’t have access to the DB (again, a bit unfamiliar with all possibilities, but typically the DB is on a separate container/host/service independent of the frontend).

    Does anyone have a link for details on the hack/exploit?