Reddit Hacked, User Data Dating Back to 2007 Left Vulnerable

Illustration of human skull made out of binary code with Reddit icons in it's eyes

Modal Trigger Composite iStock

Email digests sent between June 3 and 17 were also compromised, which contain usernames, email addresses, and info on a selection of popular subreddits you might subscribe to. The good news? Nothing too major was likely stolen. Primary access points for code and infrastructure are behind 2FA but SMS-based authentication was not secure enough.

Most of the other data accessed is on the Reddit backend, so there isn't expected to be other compromised user data. The culprit also viewed logs from Reddit's "email digests", which can associate a username with an email address, if you provided it.

"Whether or not Reddit prompts you to change your password, think about whether you still use the password you used on Reddit 11 years ago on any other sites today", he advised.

"We've been conducting a painstaking investigation to figure out just what was accessed and to improve our systems and processes to prevent this from happening again", Reddit explained.

Reddit said it would inform those affected by the loss of historic data, but would not be getting in touch with those impacted by the potentially much larger breach - a decision which has baffled prominent, independent security researchers.

Importantly, this part of the breach only affects users who signed up before 2007.

"From phishing scams and dictionary attacks - where fraudsters try certain common passwords based on the user's information - to synthetic identities, as little as an email address can go a long way in the hands of a bad actor".

Black pastor calls Donald Trump more 'pro-black' than Barack Obama
Seeking to distance himself from his ex-campaign chairman, Trump said , "He worked for me for a very short time ". White House press secretary Sarah Sanders brought the five out at the start of her briefing on Thursday.

Popularity often makes a website a juicy target for hackers, however, and Reddit's now found itself an unwitting victim. The 2007 database contained user names, email addresses, Reddit user posts and private messages.

Reddit uses two-factor authentication (2FA) to authenticate its primary access points for code and infrastructure, but Reddit said SMS-based authentication, which was targeted by the attacker, is "not almost as secure" as the company thought.

The 2007 breach included account details, and all public and private posts between the site's launch in 2005 and May 2007.

This access was achieved on some systems that contained backup data from 2007, source code and other logs. Is is there that you'll find the instructions you seek for the deleting of content you wish to delete.

The hacker also obtained logs of digest emails sent between June 3 and June 17, 2018.

The company said that since the intrusion it has bolstered its monitoring systems and has reported the breach to law enforcement, which is investigating.

Predictably, security specialists are pointing out this hack as another example of the failure of two-factor authentication.

Latest News