Reddit this morning announced that it has suffered a data breach, with a hacker able to access email addresses from some current accounts and a 2007 database backup that included old salted and hashed passwords.
The data breach occurred between June 14 and June 18, with hackers accessing Reddit employee accounts through the company's cloud and source code hosting providers rather than the site itself. Those systems used SMS-based two-factor authentication that failed, and the main attack happened through SMS intercept.
Reddit has a detailed list of what was accessed. A complete copy of an old database backup containing early Reddit user data was stolen, and Reddit says that the most significant data in the backup included account credentials (username and salted hashed passwords) email addresses, and public and private messages.
Email digests sent by Reddit in June 2018 were also obtained. This included usernames linked to an associated email address along with suggested posts from select subreddits.
Reddit is sending emails to users affected by the database hack, which does not impact people who signed up for reddit after 2007.
Customers who do not have an email address associated with their accounts or who did not check the "email digests" user preference are not affected by the email digest breach.
Reddit has informed law enforcement and is cooperating with an investigation and has taken measures to ensure privileged access to its systems are more secure.
Reddit says it will be resetting the passwords of affected users, but the site recommends all Redditors consider updating their passwords to something strong and unique, as well as enabling two-factor authentication. Reddit's two-factor authentication is via authenticator app and is not vulnerable to SMS intercept.
The data breach occurred between June 14 and June 18, with hackers accessing Reddit employee accounts through the company's cloud and source code hosting providers rather than the site itself. Those systems used SMS-based two-factor authentication that failed, and the main attack happened through SMS intercept.
Reddit has a detailed list of what was accessed. A complete copy of an old database backup containing early Reddit user data was stolen, and Reddit says that the most significant data in the backup included account credentials (username and salted hashed passwords) email addresses, and public and private messages.
Email digests sent by Reddit in June 2018 were also obtained. This included usernames linked to an associated email address along with suggested posts from select subreddits.
Reddit is sending emails to users affected by the database hack, which does not impact people who signed up for reddit after 2007.
Customers who do not have an email address associated with their accounts or who did not check the "email digests" user preference are not affected by the email digest breach.
Reddit has informed law enforcement and is cooperating with an investigation and has taken measures to ensure privileged access to its systems are more secure.
Reddit says it will be resetting the passwords of affected users, but the site recommends all Redditors consider updating their passwords to something strong and unique, as well as enabling two-factor authentication. Reddit's two-factor authentication is via authenticator app and is not vulnerable to SMS intercept.
Tag: Reddit
41 comments
The second beta of iOS 13.3.1, released earlier this month, includes a toggle for disabling the Ultra Wideband chip in the device.
Found by Twitter user Brandon Butch (via 9to5Mac), the toggle...
Executives from PopSockets, Sonos, Basecamp, and Tile are attending a congressional hearing today to testify in an ongoing antitrust inquiry involving major tech companies like Amazon, Apple, Google,...
Apple today announced that it has signed a multi-year agreement with award-winning actress and producer Julia Louis-Dreyfus, who will develop new projects exclusively for Apple TV+ as both an...
Dutch company Robin Telecom today announced that its Robin ProLine doorbell is the first to support HomeKit Secure Video, allowing the camera to capture and store recordings securely in iCloud.
...
The entire first season of "Little America," an immigrant anthology series created by Kumail Nanjiani and Emily V. Gordon, is now available to stream on Apple TV+.
The show features...
Apps designed for the Mac often don't receive as much attention as apps designed for iPhones and iPads, so we have a series here at MacRumors that highlights useful and interesting Macs worth...
NBC today announced that its upcoming Peacock streaming video service is set to launch in the United States on July 15.
The service, which will offer upwards 7,500 hours of programming including...
In a news story about an Apple employee who has started a barbershop for at-risk youth, Apple today said that between its own donations and employee donations, it donated more than $100 million...
