"Already having our primary access points for code and infrastructure behind strong authentication requiring two factor authentication (2FA), we learned that SMS-based authentication is not almost as secure as we would hope, and the main attack was via SMS intercept", notes the statement.
The first dataset contained old user information from May 2007.
Instead, Reddit suggested users concerned should search their own inboxes to see if they have received an "email digest" from the firm between 3 and 17 June this year - the period of time for which hackers were able to obtain detailed logs on user activity and identity.
"If your account credentials were affected and there's a chance the credentials relate to the password you're now using on Reddit, we'll make you reset your Reddit account password".
Reddit noted that the hacker only gained "read-only" access instead of "write access" in their company systems, meaning the backup data and source code, as well as other logs, were not accessed. And for users whose email addresses were accessed through the email digest, Reddit said, "think about whether there's anything on your Reddit account that you wouldn't want associated back to that address".
Reddit's founding engineer, Christopher Slowe, said in a post Wednesday on the social networking site that the hacker accessed data from the site's launch in 2005 through May 2007.
On June 19, Reddit staff learned that an attacker compromised the accounts of employees between June 14 and 18 by using the cloud and source code hosting providers. The platform noted that SMS-based two-factor authentication was clearly not as effective as using an authenticator app.
It took Reddit over a month to come forward with the confirmation of the breach, so it's likely that they now have a pretty good idea of what went on.
From rags to riches to charity, here's celebrating JK Rowling
It is like a comforting thing from your childhood that reminds you of a handsome time. Another Bengalurean feels that Harry Potter helped her get through some hard times.
Three people dead in plane crash at Greenville, Maine airport
A spokesperson with the Piscataquis County Sheriff referred all questions to the FAA, which is now conducting an investigation. It was bound for Charlottetown Airport, which is on the island province of Prince Edward Island in Atlantic Canada.
Leaked DJI Mavic 2 advert confirms Pro and Zoom models
Now thanks to a render obtained by the folks at Photo Rumors , we have a better idea of what the upcoming drone could look like. The Pro version has a 1-inch CMOS sensor Hasselblad camera , while the Zoom version has a 2x zoom lens and Dolly Zoom effect .
There are two parts to this story - who is affected and the weakness the company says led to the breach itself.
If it's the latter then the risk here would be for the probably small group of users who haven't changed their password since then or did change it but used it on other sites without updating it there too.
There were two main bits of info stolen in the Reddit attack.
That means they not only have to enter a password to log in, but they also need to receive a special code sent via text.
Anyone anxious about this can remove some or all of that data by following these help instructions. The company said that since the intrusion it has bolstered its monitoring systems and has reported the breach to law enforcement, which is investigating.
Furthermore, two-factor authentication is something that everyone should be using by now.
Recent Reddit users aren't entirely out of the woods, either.
The internet is forever, and, yes, that apparently includes your old Reddit private messages.