Reddit this morning announced that it has suffered a data breach, with a hacker able to access email addresses from some current accounts and a 2007 database backup that included old salted and hashed passwords.
The data breach occurred between June 14 and June 18, with hackers accessing Reddit employee accounts through the company's cloud and source code hosting providers rather than the site itself. Those systems used SMS-based two-factor authentication that failed, and the main attack happened through SMS intercept.
Reddit has a detailed list of what was accessed. A complete copy of an old database backup containing early Reddit user data was stolen, and Reddit says that the most significant data in the backup included account credentials (username and salted hashed passwords) email addresses, and public and private messages.
Email digests sent by Reddit in June 2018 were also obtained. This included usernames linked to an associated email address along with suggested posts from select subreddits.
Reddit is sending emails to users affected by the database hack, which does not impact people who signed up for reddit after 2007.
Customers who do not have an email address associated with their accounts or who did not check the "email digests" user preference are not affected by the email digest breach.
Reddit has informed law enforcement and is cooperating with an investigation and has taken measures to ensure privileged access to its systems are more secure.
Reddit says it will be resetting the passwords of affected users, but the site recommends all Redditors consider updating their passwords to something strong and unique, as well as enabling two-factor authentication. Reddit's two-factor authentication is via authenticator app and is not vulnerable to SMS intercept.
The data breach occurred between June 14 and June 18, with hackers accessing Reddit employee accounts through the company's cloud and source code hosting providers rather than the site itself. Those systems used SMS-based two-factor authentication that failed, and the main attack happened through SMS intercept.
Reddit has a detailed list of what was accessed. A complete copy of an old database backup containing early Reddit user data was stolen, and Reddit says that the most significant data in the backup included account credentials (username and salted hashed passwords) email addresses, and public and private messages.
Email digests sent by Reddit in June 2018 were also obtained. This included usernames linked to an associated email address along with suggested posts from select subreddits.
Reddit is sending emails to users affected by the database hack, which does not impact people who signed up for reddit after 2007.
Customers who do not have an email address associated with their accounts or who did not check the "email digests" user preference are not affected by the email digest breach.
Reddit has informed law enforcement and is cooperating with an investigation and has taken measures to ensure privileged access to its systems are more secure.
Reddit says it will be resetting the passwords of affected users, but the site recommends all Redditors consider updating their passwords to something strong and unique, as well as enabling two-factor authentication. Reddit's two-factor authentication is via authenticator app and is not vulnerable to SMS intercept.
Tag: Reddit
41 comments
Apple today updated its Mac Configuration Utility for authorized technicians with instructions on how to place the new Mac Pro in DFU mode, according to a reliable source. For existing Macs, this...
Apple today released the fourth betas of upcoming iOS and iPadOS 13.2 updates to developers, a week after seeding the third betas and a month after the release of iOS 13.1.
iOS and iPadOS 13.2...
Foxconn and Compal Electronics have obtained orders to assemble 2020 models of the Apple Watch, which would be Series 6 models if Apple sticks to its naming scheme, according to industry sources...
Today marks the 18th anniversary of Steve Jobs unveiling the original iPod at a small event on Apple's Infinite Loop campus. While the iMac started Apple's renaissance in 1998, it was the...
Ahead of the launch of Apple TV+ on November 1, Bloomberg Businessweek has explored Apple's foray into original content in a feature titled "The One Where Apple Tried to Buy Its Way Into...
Apple Pay has overtaken the Starbucks mobile app to become the most popular mobile payment system in the United States, claims a new report out today.
According to eMarketer, Apple Pay became...
Selena Gomez today released a new song and video entitled "Lose You to Love Me," and the entire video was shot in black and white using an iPhone 11 Pro.
Apple has released a...
Google last week announced its newest flagship smartphones, the Pixel 4 and the Pixel 4XL, both of which are meant to compete with the iPhone 11 and iPhone 11 Pro, Apple's newest devices launched...
