this post was submitted on 10 Jul 2023
3275 points (99.3% liked)
Lemmy.World Announcements
29158 readers
53 users here now
This Community is intended for posts about the Lemmy.world server by the admins.
Follow us for server news ๐
Outages ๐ฅ
https://status.lemmy.world
For support with issues at Lemmy.world, go to the Lemmy.world Support community.
Support e-mail
Any support requests are best sent to [email protected] e-mail.
Report contact
- DM https://lemmy.world/u/lwreport
- Email [email protected] (PGP Supported)
Donations ๐
If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.
If you can, please use / switch to Ko-Fi, it has the lowest fees for us
Join the team
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The malicious Javascript was in a post however, and that post spread to all Lemmies that saw the post.
I'm pretty sure all web browsers who saw that post passed the JWT cookie to the hacker. The hacker was looking for admin accounts and got the Lemmy.world admin first.
Depends, a large portion of users browse Lemmy from the apps. The apps communicate with Lemmy through the API. Some might have basic web browsing features in them, but that doesn't mean that they act exactly like a web browser would.