cross-posted from: https://lemmy.world/post/1287053

Be alert, Please do not launch a new tab of Lemmy.World. Having tabs already open with this site is fine but as soon as you do you will be bombarded with awful content with malicious intent to cause shock, disgust and distress.

In the meantime use alternative instances, other instances are not affected by this compromise. Do not open any links/posts from the user MichelleG.

Thanks for reading, please stay safe out there Lemmy users!

Update: Lemmy World is under attack again.

Update: I am not a super code-literate person so bare with me on this… But. Still please becareful. There appears to be a vulnerability.

Users are posting images like the following:

https://imgur.com/a/RS4iAeI

And inside hidden is JavaScript code that when executed can take cookie information and send it to a URL address.

Among other things. At this time if you see an image please click the icon circled before clicking the link. If you see anything suspicious, please report it immediately. It is better a false report than a missed one.

  • hawkwind@lemmy.management
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    3
    ·
    edit-2
    1 year ago

    I think this carrying on without providing more information is reckless. Does an actual admin from this instance really know what happened or are you just taking a bunch of random commentary and speculation as gospel then telling the users “we’re good.”

    • Aer@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      17
      ·
      edit-2
      1 year ago

      I am a moderator of this community, not an admin of Lemmy.World

      I know about as much as you. The difference is I have been spending time researching and discussing findings with other mods rather than sleeping which is what I should be doing.

      I found critical information that I thought important to share. That is all there is to it. If you do not feel safe using Lemmy.World you should login to another instance.

      The owners of Lemmy.World are also in the EU so are likely still asleep or awake and trying to figure this shit out.

      • hawkwind@lemmy.management
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        6
        ·
        1 year ago

        You do you. I would tell my users I have no idea what’s going on, and definitely not say “using your open tabs is probably fine.”

        • Aer@lemmy.worldOP
          link
          fedilink
          English
          arrow-up
          7
          ·
          1 year ago

          The attack involved a redirect that only affected pages that were freshly opened. If you had tabs that were opened before the attack no redirects happened, no malicious URLs of the sort. It showed the website as it was normal.

          That statement was in fact true. The attack only happened when you opened a new tab of Lemmy.World