Emails/users plus passwords can be used for bruteforcing other accounts (usernames and passwords are often reused), or they could hijack your account on chapo.chat (which is the current backup domain for hexbear).

No data has been, or will be, directly compromised by the domain name drama. The admins still have control of the underlying lemmy instance - it's simply pointing to a new name in DNS records (what computers use to map unwieldy IP addresses to friendly webdomain.farts.org type names)

Your DMs and other info are not compromised unless you were to give someone your login info (which is what a MITM attack above would try to do).

Bear (lol) in mind that DMs on activitypub ARE NOT ENCRYPTED. Admins of a lemmy instance can snoop on the DMs of any of their users. Even if HTTPS encrypts data during transit, once it's at the recipient it is no more secure than any public post. Use Signal or PGP-encrypted email if you are sharing any information that you don't want to get snooped or leaked should an admin or malicious attacker access your DMs.

[–] DisabledAceSocialist@lemmygrad.ml 2 points 1 week ago (1 children)

Emails/users plus passwords can be used for bruteforcing other accounts (usernames and passwords are often reused), or they could hijack your account on chapo.chat (which is the current backup domain for hexbear).

would I have to try to login again for this to happen, or could it happen anyway?

[–] merthyr1831@lemmy.ml 2 points 1 week ago (1 children)

You would have to attempt to log in on a phony website. This domain auction does not give the new owner any access to the data stored on the current lemmy instance hosted underneath it.

It's like selling your house. The new owner may get your address, but they don't get ownership of your furniture.

[–] DisabledAceSocialist@lemmygrad.ml 1 points 1 week ago

OK thanks for the info.