As some of you may know, a vulnerability was discovered and exploited last night against a couple of Lemmy servers. The admins were quick to respond, crowd-source solutions, and mitigate the damage. Patches have been deployed and the malicious content has been removed. For more details on the attack itself, see: Ruud’s post on Lemmy.world

Unfortunately, due to the extent of the attack, this required rotating our secret, which forcibly logs out all users. This is for your protection even if we weren’t directly attacked. The reason is that, as part of the attack, the exploit was harvesting the cookies of any user who had viewed the content.

If you are a user on any other servers and have not been logged out, it’s possible those accounts are vulnerable. I’d suggest reaching out to those admins to ensure they’re taking the proper precautions.

We will continue to monitor the situation and proceed as necessary.
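
Why rotating the secret logs everyone out and makes harvested cookies useless, as an added example (not Lemmy's code and not part of the original post). It assumes session cookies are tokens signed with one server-wide HMAC secret; the function names and the user `alice` are hypothetical.

```python
import base64, hashlib, hmac, json, secrets, time

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(secret: bytes, user: str, ttl: int = 3600) -> str:
    """Sign a claims payload with the server-wide secret."""
    claims = {"sub": user, "exp": int(time.time()) + ttl}
    payload = _b64(json.dumps(claims).encode())
    sig = _b64(hmac.new(secret, payload.encode(), hashlib.sha256).digest())
    return f"{payload}.{sig}"

def verify_token(secret: bytes, token: str):
    """Return the user name if signature and expiry check out, else None."""
    try:
        payload, sig = token.split(".")
        expected = _b64(hmac.new(secret, payload.encode(), hashlib.sha256).digest())
        # Constant-time comparison; the signature is checked before parsing.
        if not hmac.compare_digest(sig, expected):
            return None
        claims = json.loads(_unb64(payload))
    except (ValueError, TypeError):
        return None
    if claims.get("exp", 0) < time.time():
        return None
    return claims.get("sub")

def rotation_demo():
    """Validate one cookie before and after the server secret is rotated."""
    old_secret = secrets.token_bytes(32)
    # Constructed sample: a cookie issued to alice, a copy of which was harvested.
    cookie = issue_token(old_secret, "alice")
    before = verify_token(old_secret, cookie)

    # Rotation: every token signed with the old secret stops verifying,
    # whether it is held by the real user or by whoever copied it.
    new_secret = secrets.token_bytes(32)
    after = verify_token(new_secret, cookie)

    # Logging in again yields a token under the new secret.
    relogin = verify_token(new_secret, issue_token(new_secret, "alice"))
    return before, after, relogin

if __name__ == "__main__":
    print(rotation_demo())
```

The server cannot tell a copied token from the original, so with a single signing secret the only way to revoke the stolen ones is to revoke them all.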