TL;DR: A recent security update required us to invalidate all active login sessions, causing users to be logged out. This was a precautionary measure, and you can securely log back in.

Dear Lemmy community members,

As you may have noticed, you were recently logged out of your account unexpectedly. We wanted to explain why this happened and assure you that your account is secure.

Our team identified a security issue related to custom emojis affecting several Lemmy instances. As part of the resolution process, it was necessary to invalidate all active login sessions - a process known as “rotating the JWT secret.” This precaution ensures that any potential unauthorized access is immediately stopped.

Please note that this incident only potentially affected users who visited pages with malicious content during a specific timeframe. This issue does not impact your passwords, so there’s no need to change them unless you choose to do so as an added precaution.

The security concern has been resolved, and you can securely log back into your account. The session invalidation means you’ll need to log back into your account on all devices.

For more detailed information about this incident, please visit this recent post.

We sincerely apologize for any inconvenience this may have caused. The security of our user accounts is our top priority. We have taken comprehensive steps to address the situation and will continue to monitor it closely.

Please note: This announcement was written with the assistance of ChatGPT, an artificial intelligence developed by OpenAI.

If you have any questions or concerns, please don’t hesitate to reach out.

Thank you for your understanding and your continued trust.

  • Raymonf
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I am upset. I demand compensation in the form of rice.