cross-posted from: https://lemmy.world/post/1287053
Be alert, Please do not launch a new tab of Lemmy.World. Having tabs already open with this site is fine but as soon as you do you will be bombarded with awful content with malicious intent to cause shock, disgust and distress.
In the meantime use alternative instances, other instances are not affected by this compromise. Do not open any links/posts from the user MichelleG.
Thanks for reading, please stay safe out there Lemmy users!
Update: Lemmy World is under attack again.
Going through an app also prevents the awful redirects.
Speaking of apps. Seems like this is a possible attack vector.
Maybe a malicious actor copies code of one of the popular apps (Voyager/wefwef), adds code to extract JWT token or whatever auth token, gathers list of high value targets (admins / mods of large instances or communities), then hijacks instance.
Very easily could have been much worse. On the flip side, glad it was just a script kiddie