Thanks for replying! I poked around on FB and some forums earlier and found a bit of additional info to add to the above. Apparently this whole mess has been caused by a javascript exploit, and it can spread to your profile AND hijack your profile if you’re not careful.
What To Do If You’re Infected/How To Prevent Infection:
Do not view any other user’s profile while logged in! If you are tech saavy and know how to disable javascript or prevent it from executing, that should work as prevention. It’s also a good idea to delete your cookies.
Check your profile’s raw bio text for any lines of code. If you find anything wrong, delete it all just to be on the safe side.
CHECK YOUR BACKUP EMAILS IN YOUR ACCOUNT SETTINGS. If you see an address that shouldn’t be there, delete it and change your password immediately! The exploit adds a new email address to your list of backup emails; using this, the hackers can take control of your account.
The script now triggers on hover, a.k.a. mousing over an infected profile will spread the infection.
You can PROTECT YOURSELF WITH A SCRIPTBLOCKER EXTENSION such as YesScript (allows all by default)
or NoScript (blocks all by default)
FictionPress staff have not responded or made any public announcements, but it’s possible they may solve the problem by rolling back the website to a previous version. If so, the more recent stories may be lost. Just in case, back up your stories, reviews and favourites (especially those published in the past year)
tl;dr: If you use fanfiction.net, INSTALL A SCRIPTBLOCKER. Back up your stories and your favourites asap.
XI's Archived Tumblr Blog 