cross-posted from: https://lemmy.world/post/1287053
Be alert, Please do not launch a new tab of Lemmy.World. Having tabs already open with this site is fine but as soon as you do you will be bombarded with awful content with malicious intent to cause shock, disgust and distress.
In the meantime use alternative instances, other instances are not affected by this compromise. Do not open any links/posts from the user MichelleG.
Thanks for reading, please stay safe out there Lemmy users!
Update: Lemmy World is under attack again.
Update: I am not a super code-literate person so bare with me on this… But. Still please becareful. There appears to be a vulnerability.
Users are posting images like the following:
And inside hidden is JavaScript code that when executed can take cookie information and send it to a URL address.
Among other things. At this time if you see an image please click the icon circled before clicking the link. If you see anything suspicious, please report it immediately. It is better a false report than a missed one.
Let this be a lesson to all. Use long passwords with a password manager to deter brute force attacks. Use 2FA for your account. It’s security 101.
The Lemmy 2fa has some compatibility issues and doesn’t verify you have working tokens
https://lemmy.eus/post/190738
https://github.com/LemmyNet/lemmy/issues/3309
Still better than no 2fa at all. And these bugs will get fixed in the future, so why not use it now already?
Interesting. That does present a serious issue then.