Hacker Stole Reddit User Data from 2007 and Earlier

Hacker Stole Reddit User Data from 2007 and Earlier

A bad actor was able to gain access to Reddit's systems through intercepting the two-factor SMS verification system.

Reddit, a popular aggregator of user rated content,  informed its users that a hacker broke into some of its systems and accessed user data, including email addresses and a 2007 database that contained usernames and passwords that were already "salted and hashed" or scrambled for protection.

Reddit sent emails to all its affected users - mostly people who joined Reddit in 2007 or earlier. The hacker was able to read the email digests Reddit sent out in June 2018 as well, so they could see the users' email addresses and relevant, safe-for-work subreddits they followed.

Reddit is recommending users who may still be using passwords similar to the ones they had in 2007 to change their password on Reddit and other websites.

The company is also encouraging users to enable token-based two-factor authentication through a service like Authy or Google's Authenticator, as the hacker gained access to Reddit's systems through an SMS intercept attack.

Between June 14th and June 18th, the hackers compromised several Reddit employee's accounts through the company's cloud provider and source cost hosts. Reddit had required two-factor authentication on its accounts but the hacker intercepted the SMS verification and was able to gain access.

The hacker could see backup data, source code and other employee logs in Reddit systems, but did not have access to changing any of it.

By June 19, Reddit discovered the attack and began investigating the extent of the damage, while ramping up security measures. Reddit contacted law enforcement and is cooperating with their investigation.

Below is the message Reddit posted for its users:

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.