As you may have seen, lemmy.world was recently compromised due to an attacker gaining access to an Administrator account.
This exploit is related to the custom emoji feature, so as a precaution the few custom emoji we had so far have been removed.
As the attack involves hijacking an already logged-in account session, all user sessions have been reset - just in case any possumpat.io account was compromised while we had custom emoji enabled. I apologize for the inconvenience.
I’ll update this post once we know more, and as always if you have any questions let me know.
Edit: For those interested in the technical details, this github thread details the vulnerability and ongoing efforts to mitigate it.
Edit: lemmy.world’s post on the hack.
Edit: Exploit has been patched, will re-enable custom emoji soon.