I woke up this morning to many complaints, all from accounts I don't recognize. It seems that either my account was compromised, or a third party took control of one of my anti-porn block lists and added others to it.
I've since deleted these moderation lists, and I apologize for any inconvenience.
I've since deleted these moderation lists, and I apologize for any inconvenience.
Comments
One questions though, how? Just in general and not specific to this incident, any services that you gave tokens to to manage your lists?
Once I find out more, I'll report it to the BlueSky security team.
Another thing that comes to mind is that a lot (~30) prominent chrome extensions got compromised (means all your online creds are possibly compromised) https://www.forbes.com/sites/daveywinder/2025/01/02/critical-google-chrome-warning-for-26-million-as-2fa-hackers-attack/
Sry i don't want to blackpaint this (is this saying a thing in the US?) but better safe than sorry.
I'm only just now finding out about this, but it appears to be a hack of some kind.
Thank you for letting me know! It was news to me as well! π
I didn't know you can add peopes to somenone else's list, it's a news
Sorry again that you (and so many others) were dragged into this mess. If there's anything further I can do, please let me know.
Have a nice evening.
Some folks have seen that a second account had made the changes. All it shows now is "handle.invalid", so I'm assuming it's been removed.
Glad that part has been taken care of. At the same time, that doesn't undo the shock of everyone surprised by this (me too!)
I was trying to figure out what could have caused the scrape from my end!
Then a friend pointed out that I have rubber chicken in my bio π so possibly that π€£π€£
Have a nice evening.
Instead, everyone was notified they were blocked, even if that wasn't actually the case? No idea how many folks were affected, though.
Yup, mine came through as a notification as well, then I clicked on the list and got even more confused.
Anyway, no harm done. What a pain for you, though! Nice to meet you, btw. Thanks for being so straight up about it.
(At the same time, I think I'm on every possible Block List by now. This account might already be doomed from the start.)
All of these new accounts are ones I've never seen before, and all appear at a quick glance to be completely normal and seemingly porn-free.
But, everything is now deleted. If you find anything else, PLEASE let me know such that I can correct this!
I did block a few ... VERY explicit accounts. But yours looks as normal as they come. No idea as of yet how you (and others) got tied up into this.
He deleted it.
All should be well, as far as the accounts here go. I've emailed BlueSky's security team to try and find out how this might have happened in the first place.
Timestamp shows it happened while I slept. People were notified but never added. Lisifications post confirms some of this. "handle.invalid" (not me) made the blocks. And I'm taking steps to fix.
also sorry that you had to go thru this too.
Doing what I can to help minimize the damage. If there's anything else you can think of, let me know!
i'll let you know if i can think of any...
You deleted the furry list... not "these moderation lists" did you think no one would check?
The rest are simply "Lists". These are to filter down and only see a certain type of content.
Full disclosure: I'm a D&D and Anime nerd from Alabama. So I've started lists to help find friends on here.
Sorry dude, but you're still on my bad list and i'm beyond furious that a pic with my kid and his stuffed animal landed me on YOUR block list.
1) This happened while I slept.
2) I've taken action to correct this.
3) Multiple people confirm they were notified, though never actually added.
4) "handle.invalid" updated this, not me
5) Listifications app creator posted to confirm what they've found.
Still not sure how "invalid.handle" managed to add people here. But the simplest fix is to get rid of it entirely, explain what happened, and apologize.
Thanks for letting me know. And sorry again for any trouble.
Still not sure how "handle.invalid" was able to take control of this and add so many people. Could be a technical glitch, or a hack as most accounts added appear to be left-of-center.
Either way, following up with BlueSky support to put an end to this.
I was confused to find myself on such a list and discover that the owner of that list seemed like a pretty normal account. Blocklists can be a dangerous tool...
Great, in theory, to be able to banish all accounts of a certain type with just one click.
Terrible in execution, as it's easy to slip an account you simply don't like onto one of these lists.
Thanks for deleting it.
Sorry again for the trouble. If there's anything else I can do to help, please let me know.
Not exactly the thing I wanted to wake up to on a Monday morning! π
β¦ greetings from Germany.
I wish we had met under better circumstances than this. But thank you for your patience and understanding here.
I did want to filter out some of the more ... explicit content. The accounts I added were all fairly obvious, however.
Not sure what happened, but I've since deleted the list entirely.
Those filters work great with keywords or tags. Less so with images.
I could block all NSFW material entirely, but I instead used a targeted list as not to overly block too many people. (Ironic, considering how things turned out.)
BlueSky's a relatively new platform, and just got hit by unexpected growth. I'm expecting a number of bugs and glitches to pop up. (Just wasn't expecting it to involve me, personally.)
My apologies for not seeing your initial post, and for you getting dragged into all this mess somehow.
Not sure how or why that happened. Could be an error with the notification itself? Either way, doing what I can to fix things.
You might want to contact Bluesky support about that.
In any case, if you want to avoid a certain type of content, my original reply is still valid :)
https://bsky.app/profile/theblackhole.bsky.social/post/3lfmuhawyf22z
There needs to be a way to manage interactions with lists: to remove yourself from a list directly.
Xitter lists were used to stalk and harass, and it's happening here now by the looks of things.
I'm the one getting beaten up over all this, however. So I'm definitely eager to find the culprit!
Iβve unblocked you, and Iβll attempt to delete the post that I tagged you in.
Reports say that "handle.invalid" added them to the list. My guess would be a hijack of some kind? Like an injection attack?
Purely guessing at this part, however. Thus far, all I've had time to do was delete the list and apologize.
Not something I'd prefer to interact with or see, personally, so I tried blocking the most prolific creators without fully locking out all content labeled NSFW.
To rectify, I've since deleted it in its entirety, and will be in communications with the BlueSky security team to try and discover how this happened.
(All I've discovered so far was that a second, now deleted, profile was involved.)
If you do notice anything for whatever reason, especially if it comes from "invalid.handle" rather than from me, please let me know!
I hope the rest of the week goes better. π
Haha. I just saw that i was on it.
That's the reason I first created a moderation list. To filter out the sorts of posts I'd rather not see completely filling my feed.
Not sure how so many others were added without my knowledge?
(Not sure how much good it'll do in the end, as most people seem to have returned the block and moved on. But if there's something I can do to ease tensions, then it's worth the time and effort.)