Is this something that was easy to hack or was the hacker really good?
Leaked DMs would be my nightmare. I don’t use DMs on here.
Discussion
I’m not sure tbh, it seemed clever but I don’t fully understand what happened.
Nostr has encrypted DMs so that can’t really happen here. But there are new extensions like nos2x so clients can’t hypothetically steal your nsec.
Oh yeah. Encrypted DMs. You’re right. I’m glad I came back. My brain was starting to get rusty.
nostr:npub1ue4z8d9z7de6pvlx22jgzmc4hamn43rg95gsdhkenvenvm0ma62qjpv4eh nostr:npub1hg5g87620a3vhpgmna2pzevhj88lkt3lezus76p7u5y37sfcszsszktya9 The best policy is just to not use DMs at all, and if someone DMs you, treat your response as if it WILL (not might) be leaked to the world one day, and sooner than you'd like.
Yeah. That’s a good policy.
It was as sophisticated as it needed to be. The collective that did it have hit stronger targets in the past. They were aided by pleroma being fairly insecure. If the vulnerability they used had been patched they would have found something else.
Interesting. So they’re a known collective?