I would be cautious about viewing any Lemmy.world communities right now, and the Beehaw admins should make sure their credentials are locked down in case they get targeted next.

  • BrikoX
    link
    fedilink
    arrow-up
    31
    ·
    1 year ago

    You are already defederated from them…

      • BrikoX
        link
        fedilink
        arrow-up
        10
        ·
        1 year ago

        Read the post again. It was specifically mentioning viewing lemmy.world communities, which is not possible through beehaw.org due to defederation. All you would see is the content before defederation.

      • TheOtherJake@beehaw.org
        link
        fedilink
        arrow-up
        8
        ·
        1 year ago

        No user data like credentials gets transfered. Everything between instances is done with bot like helpers that do the data transfers.

      • SatyrSack@lemmy.one
        link
        fedilink
        arrow-up
        4
        ·
        1 year ago

        Why would a “foreign” instance need to know my credentials from my local instance just to allow me to browse that foreign instance?

    • darrsil@beehaw.orgOP
      link
      fedilink
      arrow-up
      20
      ·
      1 year ago

      Ah, didn’t realize they were already defederated. Still, admins should be on the lookout for an attack on Beehaw.

        • Fester@lemm.ee
          link
          fedilink
          arrow-up
          11
          ·
          1 year ago

          People have multiple accounts - maybe even specifically to view .world, or on .world, and this PSA is what made them think twice before switching to it. I mean, you’re here reading and commenting on this post, and you’re not a beehaw.org user. But you could also have a beehaw account if you wanted. If you did, maybe you’d have been on it browsing local when you saw this.

          Not sure why this post is a problem. It’s a good PSA.

    • Rentlar@lemmy.ca
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Main concern would be for people browsing lemmy.world in another tab while logged into beehaw. It could potentially steal your Beehaw session cookie even if not logged into lemmy.world.