Published: Fri, August 03, 2018
Hi-Tech | By Grace Becker

Reddit was hacked. Here's how to learn if you were affected

Reddit has disclosed that "a few" of its employees' accounts at its cloud and source code hosting providers were recently compromised, and that the attackers gained access to a significant amount of user data. Reddit users could potentially be robbed of their anonymity if usernames are connected to email addresses.

The attackers were able to obtain usernames and corresponding email addresses - information that could make it possible to link activity on the site to real identities.

Reddit said that the hacker did not gain write access to its systems, only read-only access to some systems that contained backup data, source code and other logs.

If you still use the same Reddit password you did in 2007, wow: you've been on Reddit a long time.

Reddit suggested today that it was through SMS intercept that passwords were captured with malicious intent.

How to tell if your information was included: If you don't have an email address associated with your account or your "email digests" user preference was unchecked during that period, you're not affected.

"We learned that SMS-based authentication is not nearly as secure as we would hope," Reddit said in its warning post.

"When Reddit started using SMS for two-factor authentication in 2005 it was a best practice, but over the past 15 years, smartphones have become the primary user device and hackers have migrated their focus and efforts to taking advantage of weaknesses in areas that were once very limited in their nature", he said.

The data breach took place between 14 June and 18 June, when as-yet-unknown culprits accessed employee accounts through an SMS intercept attack, Reddit's chief technology officer Christopher Slowe said in a post to r/announcements. With so many data breaches happening lately, the chances that a re-used password was exposed are quite high.

Reddit contacted law enforcement.

If the passwords haven't been properly salted (unique salt for each password), the attacker might recover some of them relatively quickly and might try to use the compromised account name and password pairs on other websites. "In fact, recent McAfee research reveals a third of people rely on the same three passwords for every account they're signed up to and this needs to change immediately", said Allen Scott, the consumer EMEA director at security company McAfee. Unfortunately many sites do not support any kind of 2-factor authentication - let alone methods that go beyond SMS or a one-time code that gets read to you via an automated phone call. Fortunately, the hacker/hackers only gained access to backups from May 2007.
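The point about unique salts, as an added illustration (not code from Reddit or from this article): with a bare hash, accounts that share a password share a stored value, so one recovered password exposes all of them, while a per-password random salt makes every record distinct. The account names, passwords and the PBKDF2 iteration count below are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import Counter
from typing import Dict, Optional, Tuple

# Constructed sample accounts (not real data); two users share a password.
ACCOUNTS = [("alice", "hunter2"), ("bob", "hunter2"), ("carol", "correct horse")]
ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

def unsalted_record(password: str) -> bytes:
    """Weak scheme: a bare fast hash, identical for identical passwords."""
    return hashlib.sha256(password.encode()).digest()

def salted_record(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Unique random salt per password, fed into a deliberately slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_record(password, salt)
    return hmac.compare_digest(digest, expected)

def shared_hash_groups(records: Dict[str, bytes]) -> int:
    """Count stored values that appear for more than one account."""
    counts = Counter(records.values())
    return sum(1 for c in counts.values() if c > 1)

def build_tables():
    """Store the same accounts under both schemes for comparison."""
    unsalted = {user: unsalted_record(pw) for user, pw in ACCOUNTS}
    salted = {user: salted_record(pw) for user, pw in ACCOUNTS}
    return unsalted, salted

if __name__ == "__main__":
    unsalted, salted = build_tables()
    salted_digests = {user: digest for user, (_, digest) in salted.items()}
    print("unsalted values shared by several accounts:", shared_hash_groups(unsalted))
    print("salted values shared by several accounts:", shared_hash_groups(salted_digests))
    salt, digest = salted["alice"]
    print("alice's password verifies:", verify("hunter2", salt, digest))
```

The salt is stored next to the digest and is not secret; its job is to force a separate guessing effort for every account.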

Predictably, security specialists are pointing to this hack as another example of the failure of two-factor authentication.

So, regardless of whether or not you've got an email from Reddit, it might be an idea to change your password.

