this post was submitted on 10 Jul 2023
172 points (100.0% liked)

Beehaw Support

2794 readers
1 users here now

Support and meta community for Beehaw. Ask your questions about the community, technical issues, and other such things here.

A brief FAQ for lurkers and new users can be found here.

Our September 2024 financial update is here.

For a refresher on our philosophy, see also What is Beehaw?, The spirit of the rules, and Beehaw is a Community

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

if you can see this, it's up  

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
172
Warning: lemmy.world just got hacked (beehaw.org)
submitted 1 year ago by [email protected] to c/[email protected]
53 comments fedilink hide all child comments
 

I would be cautious about viewing any Lemmy.world communities right now, and the Beehaw admins should make sure their credentials are locked down in case they get targeted next.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 31 points 1 year ago (4 children)

Just because Beehaw is defederated from this instance, that does not mean that visiting a recently compromised server will not cause your credentials to be compromised.

[–] [email protected] 13 points 1 year ago (2 children)

Read the post again. It was specifically mentioning viewing lemmy.world communities, which is not possible through beehaw.org due to defederation. All you would see is the content before defederation.

[–] [email protected] 11 points 1 year ago

Not possible with a beehaw account. But we know many of us may have accounts elsewhere.

[–] [email protected] 3 points 1 year ago

I don't have to read the post again, nobody should be accessing hacked servers and expecting their credentials to be safe.

[–] [email protected] 10 points 1 year ago

It's also possible that Beehaw's instance is vulnerable to the same XSS attack.

[–] [email protected] 8 points 1 year ago (1 children)

No user data like credentials gets transfered. Everything between instances is done with bot like helpers that do the data transfers.

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago) (1 children)

That's the problem, they don't. If you have them stored anywhere on the device you view the communities with, your credentials are not safe.

Edit: this was for someone else.

Anything can be transferred without your knowledge. Do not access hacked servers while expecting privacy.

[–] [email protected] 2 points 1 year ago

That would require your device to get hacked, not just the server.

As for privacy... there is really little of that on Lemmy or the fediverse as a whole.

[–] [email protected] 4 points 1 year ago (1 children)

Why would a "foreign" instance need to know my credentials from my local instance just to allow me to browse that foreign instance?

[–] [email protected] 1 points 1 year ago

That's the problem, they don't. If you have them stored anywhere on the device you view the communities with, your credentials are not safe.