• Thu. Oct 12th, 2023

What Happened to Lemmy? Information About a Significant Breach and its Effects

Avatar photo

ByEsme Greene

Aug 20, 2023
Lemmy's Fate: Significant Breach and Effects
Esme Greene
Latest posts by Esme Greene (see all)

Lemmy’s open source software has been utilized on multiple websites that have recently been attacked by hackers who appear to have leveraged a zero day vulnerability. Open source software called Lemmy is used to build independent news aggregates and discussion boards. 

Although each Lemmy-based website is operated by a distinct person or group, thanks to its interconnectedness, visitors of one website can communicate with messages on other servers. At present, there are approximately 1,100 sites with a combined user base of over 850,000.

The Attacks

Recently, someone began taking advantage of a cross-site scripting (XSS) flaw related to the display of customized emoji. A number of well-known websites, including Lemmy.world, the most famous one with over 100,000 visitors, had their pages defaced by the attacker who took advantage of the vulnerability.

The theft of [JWT] authentication cookies led to the compromising of many user accounts on various important Lemmy websites. Administrators possessed a few of these cookies, and they were used to sabotage websites. Only users who clicked on links to rogue pages during the event were at risk, according to Lemmy.world’s administrators.

“All affected users’ private messages and email addresses were accessible to attackers thanks to the stolen cookies,” they continued. It appears that the attacker utilized the altered sites to steer visitors to offensive or frightening information.

Several of Lemmy’s websites had already been taken down before the onslaught started.

Users have been urged to modify their JWT passwords in addition to fixing the issue.

Avatar photo

Esme Greene

Esme brings a wealth of knowledge and experience to our website, specializing in all aspects of DarkWeb security. With a deep understanding of the intricate workings of the DarkWeb and its associated cybersecurity risks, Esme curates insightful and informative content for our readers.