lemmy.world and lemmy.blahaj.zone got hacked; admins in sopuli.xyz should enforce 2FA for admins and possibly disable/look into possible injections from the community sidebar

  • Nuuskis@sopuli.xyz · 9 upvotes · 1 year ago

    So there are no risks for regular users if they get hacked? Asking for learning purposes.

    • allywilson@sopuli.xyz · 4 upvotes · 1 year ago

      Depends on the exploit really, but if they have admin access they have access to the info in your profile, so probably know your email address. I don’t know enough about the backend infra to be sure, but I doubt Lemmy stores passwords in plain text in DBs, etc. and although they have admin access, they probably don’t have access to the DB (again, a bit unfamiliar with all possibilities, but typically the DB is on a separate container/host/service independent of the frontend).

      Does anyone have a link for details on the hack/exploit?