Hmmm it was even able to pull in private DMs.
Maybe private DMs on Mastadon aren’t as private as everyone thinks… that, or the open nature of Activity Pub is leaking them somehow?
Edit - From the article:
Even more shocking is the revelation that somehow, even private DMs from Mastodon were mirrored on their public site and searchable. How this is even possible is beyond me, as DM’s are ostensibly only between two parties, and the message itself was sent from two hackers.town users.
From what @delirious_owl@discuss.online mentioned below, it sounds like this shouldn’t be very shocking at all.
What @delirious_owl@discuss.online seemed to be implying is that direct messages on Mastodon should be considered “public” rather than “private”.
I’m assuming that’s along the same lines of how Lemmy users generally think that their upvotes/downvotes are private when in reality, if you know how to look for them, you can see them.