In case you’re not aware, multiple Lemmy instances suffered hacks recently that allowed the hackers to gain admin privileges and deface the instances and/or redirect users to other sites. Luckily, midwest.social was not a victim of this from what I can tell. To mitigate any more issues I have deleted the single custom emoji that had been uploaded and rotated the JWT which means you will have to log in again on all your devices.

Update: The devs have released 0.18.2 with a security fix for this and I’ve upgraded to it.

  • linuxdaemon
    link
    fedilink
    English
    arrow-up
    8
    ·
    edit-2
    11 months ago

    If you log in and it doesn’t show your username, you might have to clear your cookies for midwest.social and login again. I had to do that in Firefox anyway.

  • george
    link
    fedilink
    English
    arrow-up
    3
    ·
    11 months ago

    Thanks for providing this space for us!

  • SaintWacko
    link
    fedilink
    English
    arrow-up
    2
    ·
    11 months ago

    Not sure if it’s related, but my midwest.social account had disappeared from wefwef and I had to log back in

      • SaintWacko
        link
        fedilink
        English
        arrow-up
        3
        ·
        11 months ago

        Oh. Wow, was that bit about the JWT always there? Did I just completely gloss over it?

  • FormerGameDev
    link
    fedilink
    English
    arrow-up
    1
    ·
    11 months ago

    so… interestingly, account settings seem to be somehow related to that, as all my settings got mangled.

    also, holy cow the dark theme on this is terrible