Hacker Stole Reddit User Data from 2007 and Earlier

Hacker Stole Reddit User Data from 2007 and Earlier

A bad actor was able to gain access to Reddit's systems through intercepting the two-factor SMS verification system.

Reddit, a popular aggregator of user rated content,  informed its users that a hacker broke into some of its systems and accessed user data, including email addresses and a 2007 database that contained usernames and passwords that were already "salted and hashed" or scrambled for protection.

Reddit sent emails to all its affected users - mostly people who joined Reddit in 2007 or earlier. The hacker was able to read the email digests Reddit sent out in June 2018 as well, so they could see the users' email addresses and relevant, safe-for-work subreddits they followed.

Reddit is recommending users who may still be using passwords similar to the ones they had in 2007 to change their password on Reddit and other websites.

The company is also encouraging users to enable token-based two-factor authentication through a service like Authy or Google's Authenticator, as the hacker gained access to Reddit's systems through an SMS intercept attack.

Between June 14th and June 18th, the hackers compromised several Reddit employee's accounts through the company's cloud provider and source cost hosts. Reddit had required two-factor authentication on its accounts but the hacker intercepted the SMS verification and was able to gain access.

The hacker could see backup data, source code and other employee logs in Reddit systems, but did not have access to changing any of it.

By June 19, Reddit discovered the attack and began investigating the extent of the damage, while ramping up security measures. Reddit contacted law enforcement and is cooperating with their investigation.

Below is the message Reddit posted for its users:

We had a security incident. Here's what you need to know. from r/announcements

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

Featured Cybersecurity

Webinars

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3