@forteller@octodon.social @thibaultamartin Let me find the writeup for that, it wasn't "hacked" per se, and an error in code specific to the french deployment
It allowed someone to sign up on an instance that was set to only allow sign-ups from specific email-addresses. It did not give access to any existing accounts or communications.
as a sidenote, the Ars Technica article about this has some factual errors, the matrix.org tweet linked refers to a different incident, which was unrelated to Matrix/Synapse
@forteller@octodon.social @thibaultamartin the details are on https://matrix.org/blog/2019/04/18/security-update-sydent-1-0-2
It allowed someone to sign up on an instance that was set to only allow sign-ups from specific email-addresses. It did not give access to any existing accounts or communications.
as a sidenote, the Ars Technica article about this has some factual errors, the matrix.org tweet linked refers to a different incident, which was unrelated to Matrix/Synapse