Yes. They got hacked. An admin account got compromised, and the hackers exploited a bug in Lemmy-UI (the web site) that let them do things like redirect users to another site that let them run Javscript. It seems to have let them collect some user tokens from accounts, and access an admin account that way.
Yes. They got hacked. An admin account got compromised, and the hackers exploited a bug in Lemmy-UI (the web site) that let them do things like redirect users to another site that let them run Javscript. It seems to have let them collect some user tokens from accounts, and access an admin account that way.
If there’s a bug in the UI that allows this to happen, there’s a bug in the backend too. It looks like they’re working on both though