Theoretically speaking of course ;)
If my home instance gets hacked, what’s the worst case scenario for my personal data?
Nothing. Everything your instance has is your IP address (mostly useless) and password hash (also mostly useless). Everything you have here is public. Maybe except your settings, like light/dark mode.
Password hashes are only useless if you have a good password to begin with.
If not, they can likely get your actual password from it if you re-use passwords etc.
Your email getting spammed, and your embarrassing subscription list and reading history getting forwarded to your boss/spouse, are things that immediately come to mind. Also your PMs if you use those. Lemmy should really rethink its privacy posture. Of course you should never share passwords between sites, so if your password gets cracked, it won't be usable elsewhere.
Lemmy currently doesn’t have private communities afaik, but if it did, those would also be compromised.
Does it only keep the current email address, or a history of them? I am guessing some people who used emails with personally identifying information in the account name may want to switch to a Proton Mail account.