For those using Private message on Lemmy, there is a major vulnerability. It seems that this instance still runs 18.5

I know that our beloved admins are volunteers and busy, so I don’t blame them for not updating, but while waiting for the update be aware that your PM are as public as your comments

  • RightHandOfIkaros@lemmy.world
    link
    fedilink
    English
    arrow-up
    11
    ·
    10 months ago

    Lemmy has pretty lousy security in general, so really nobody should be storing any data on their Lemmy account that is important. Password, username, and any personally identifying information should never be shared across multiple sites or with other users, but this is just cybersecurity 100.

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      10 months ago

      Exactly. I don’t even have my email connected because I’d rather not get a ton of spam when Lemmy gets hacked.

      I did the same for Reddit, and I avoid any SM that requires me to associate my identity with it in any way.