IMHO Mastodon needs to have some kind of automatic update scheme to roll out bugfixes to these kinds of problems quickly … if there are enough instances out there vulnerable to this or any subsequent issues like it, we could end up with a situation where someone starts coopting Mastodon servers as part of botnets and costing their owners a ton of money in bandwidth bills, getting them IP-banned in various places, etc. The only way to fix this is fast automatic updating.

You wouldn’t root a toot

Were any servers hijacked?

aww, that’s a cute name

Very interesting! In the age of federated social networks it’s even more important that everyone create and use unique credentials on every instance and service they register with!