Notes: The vulnerability appears to be with Lemmy software, and other instances are possibly vulnerable until the Lemmy devs resolve it, however Lemmy.World has implemented their own fix in the meantime. It has not yet been ruled out if non-admin users have had their tokens compromised, but all accounts should be forced to manually log in again, as a preventative measure.
Fmhy is also down, wonder if it’s been hacked as well.