CATEGORIES
home News

Reddit Reveals Hackers Compromised User Data, How To See If You're Affected

by Shane McGlaunWednesday, August 01, 2018, 04:40 PM EDT

Reddit has announced that it suffered a security breach between June 14 and June 18 of this year. The website learned of the hack on June 19 and says that an attacker was able to compromise the accounts of a few Reddit employees along with Reddit's cloud and source code hosting providers. The main attack was apparently via an SMS intercept, as Reddit was using two-factor authentication.

hacker

The site notes that the attacker didn’t gain write access to its systems and had read-only access to some systems that contained backup data, source code, and other logs. After the attack, additional steps were taken to lock down the compromised data, and reddit says that it rotated all production secrets and API keys. Reddit says that it has been working with its cloud and service providers to understand how this will affect users. What Reddit found was that a complete copy of an old database was made.

reddit 2

Inside that database was a backup of early reddit user data from the launch of the site in May 2005 through May 2007. The most significant data in that database are account credentials that include usernames and salted hashed passwords, email addresses, and all public content along with private messages.

Reddit says that it is sending out messages to affected users and resetting passwords on accounts if the credentials stolen are still valid. If you signed up for Reddit after 2007, your account wasn’t compromised. The site gives this bit of advice:

If your account credentials were affected and there’s a chance the credentials relate to the password you’re currently using on Reddit, we’ll make you reset your Reddit account password. Whether or not Reddit prompts you to change your password, think about whether you still use the password you used on Reddit 11 years ago on any other sites today.

Reddit also recommends that you use a strong password along with two-factor authentication through its authenticator app (you can find instructions on how to enable this here). Another compromised bit is email logs that were sent in June 2018. The logs specifically contained email digests sent between June 3 and June 17. The logs connect usernames with associated email addresses and contain suggested posts from the safe for work subreddits users subscribe to. Reddit has reported the issue to law enforcement and is cooperating with the investigation. Reddit notes it suspects "weaknesses inherent to SMS-based 2FA to be the root cause of this incident."

For more information on what was stolen, how to determine if you're affected, and for a thorough discussion on the matter, check out this Reddit thread.

Tags:  security, Hack, attack, Reddit
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment