Reddit is known as the front page of the internet for a reason. The site has gone on to become one of the most popular in the world since launching back in 2005. Unfortunately, those who had accounts back in the early days may now be at risk, as Reddit has announced that it suffered a security breach.
In an announcement, Reddit admin, KeyserSosa, explained that a hacker broke into some of the site’s systems and managed to access some user data. This includes some current email addresses and a 2007 database backup containing old hashed passwords. The issue was discovered on the 19th of June, while the actual hack took place between the 14th and 18th of June.
“On June 19, we learned that between June 14 and June 18, an attacker compromised a few of our employees’ accounts with our cloud and source code hosting providers. Already having our primary access points for code and infrastructure behind strong authentication requiring two factor authentication (2FA), we learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept.”
The attacker did not gain write access to Reddit systems, but did gain read-only access to backup data, source code and other logs. During the hack “all Reddit data from 2007 and before” was accessed, this includes account credentials and email addresses. Reddit’s ’email digests’ sent in June 2018 were also accessed, which could be used to connect a specific email address to a username. These emails would also provide a look at what each individual is interested in viewing on the site.
Anyone that was affected by this will receive a message from Reddit staff informing them that there is a chance that their account details have been compromised. Some users will need to reset their Reddit passwords, and everyone on the site is encouraged to enable two-factor authentication.
KitGuru Says: If any of you have been on Reddit since the very early days, then now would be the time to think about whether or not you are still using the same password. Were any of you affected by the Reddit hack?