Follow have been pwned Vulnerabilities in the groovy plugin in , multiplied by the incorrect setting of the CI sandbox.

An attacker gained access to the servers hosting The intruder had access to the production databases, potentially giving them access to unencrypted message data, password hashes and access tokens. As a precaution, if you're a user you should change your password now.

Show thread

crosspost from @matrix since their instance is currently down:

We’ve taken down the servers which host and for emergency security maintenance - estimated downtime is several hours. More updates as we have them.

the security maintenance is to address issues with's production infrastructure. This is not a Synapse issue.

Show thread
Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.