Click to Skip Ad
Closing in...
  1. Prime Day Fire TV Deals
    12:56 Deals

    Amazon’s early Prime Day smart TV deals are unreal, including a 70″ 4K Fire TV…

  2. Amazon Deals
    10:30 Deals

    Today’s top deals: Free $15 Amazon credit, $530 70″ TV, $4 smart plugs, $8 sma…

  3. Prime Day Headphones Deals
    13:07 Deals

    Best Prime Day headphones deals: AirPods, Sony, Beats, and more

  4. AirPods Pro Prime Day Deal
    14:27 Deals

    Apple Prime Day deals are already here for AirPods and more – 5 deals you need to se…

  5. Best Amazon Deals Today
    07:58 Deals

    15 hidden Amazon deals that are so exclusive, they’re only for Prime members

Reddit discloses ‘serious’ security breach it discovered on June 19th

August 1st, 2018 at 3:03 PM
Reddit security breach

Reddit has disclosed a security incident it’s described as a “serious attack,” which it has been investigating for more than a month which the company says entailed a hacker breaking into some of its system and accessing user data. That data included some current email addresses, as well as an old database backup that contained salted and hashed passwords.

The company in a post today says it discovered the attack — which happened between June 14 and June 18 — on June 19. “An attacker compromised a few of our employees’ accounts with our cloud and source code hosting providers,” the post reads. “Already having our primary access points for code and infrastructure behind strong authentication requiring two factor authentication (2FA), we learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept. We point this out to encourage everyone here to move to token-based 2FA.”

One very small silver lining in what happened, the post continues, is that the attacker didn’t gain write access to Reddit system. They were only able to get read-only access to some systems — of course, systems that contained backup, source code and other logs. Reddit says it’s already taken steps in the weeks since the attack to further lock down and rotate all production secrets and API keys, and to enhance logging and monitoring systems.

You can read the entire post here. Among the data that was accessed:

Reddit says the attacker was able to get into an old database backup copy that contained early Reddit user data, from the site’s launch in 2005 through 2007. “The most significant data contained in this backup are account credentials (username + salted hashed passwords), email addresses, and all content (mostly public, but also private messages) from way back then.”

If you signed up for Reddit after 2007, this doesn’t affect you. The company is sending a message to affected users and resetting passwords on accounts where the credentials might still be valid.

The company has already reported what happened to law enforcement and is cooperating with an investigation. Here’s what steps it says users should take: “If your account credentials were affected and there’s a chance the credentials relate to the password you’re currently using on Reddit, we’ll make you reset your Reddit account password. Whether or not Reddit prompts you to change your password, think about whether you still use the password you used on Reddit 11 years ago on any other sites today.

“If your email address was affected, think about whether there’s anything on your Reddit account that you wouldn’t want associated back to that address. You can find instructions on how to remove information from your account on this help page.”

The company goes on to recommend a strong, unique password and the enabling of two-factor authentication — not provided via SMS — for all users, and to keep a look out for potential phishing or scams.

Andy is a reporter in Memphis who also contributes to outlets like Fast Company and The Guardian. When he’s not writing about technology, he can be found hunched protectively over his burgeoning collection of vinyl, as well as nursing his Whovianism and bingeing on a variety of TV shows you probably don’t like.

Popular News