As in title. Just wanted to report this in case somehow the Lemmy.world devs somehow aren’t already well aware of this. I’ve had a new, not detected by my email provider (so probably fresh) phishing email on the address associated with my Lemmy.world account almost daily since the hack. While there’s always a possibility it was grabbed somewhere else, I assume that means the hackers grabbed the user email address’s of the Lemmy.world users to flog cheaply to spammers. Not much Lemmy.world can do retrospectively but might be worth looking at ways to avoid that being as easy in the event of another lemmy software security issue (could the addresses be stored encrypted possibly?) and, if possible, confirm that this has actually happened then issue a PSA to users so they are alert to be wary of suspicious emails to the account they registered with.

  • Ruud@lemmy.worldM
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    The only way they could have gotten your e-mail is by ‘stealing’ your cookie and using it to view your settings. But I think this was 1 person, and they were busy abusing the admins account they ‘hijacked’ so I doubt they abused any non-admin accounts. (But of course it’s possible).