Reddit Suffers 'Serious' Security Breach

Reddit Suffers 'Serious' Security Breach

Reddit Suffers 'Serious' Security Breach

A major security breach at Reddit has left sensitive details of users exposed, including their email addresses, private messages and usernames.

"Already having our primary access points for code and infrastructure behind strong authentication requiring two factor authentication (2FA), we learned that SMS-based authentication is not almost as secure as we would hope, and the main attack was via SMS intercept", notes the statement.

The first dataset contained old user information from May 2007.

Instead, Reddit suggested users concerned should search their own inboxes to see if they have received an "email digest" from the firm between 3 and 17 June this year - the period of time for which hackers were able to obtain detailed logs on user activity and identity.

"If your account credentials were affected and there's a chance the credentials relate to the password you're now using on Reddit, we'll make you reset your Reddit account password".

Reddit noted that the hacker only gained "read-only" access instead of "write access" in their company systems, meaning the backup data and source code, as well as other logs, were not accessed. And for users whose email addresses were accessed through the email digest, Reddit said, "think about whether there's anything on your Reddit account that you wouldn't want associated back to that address".

Reddit's founding engineer, Christopher Slowe, said in a post Wednesday on the social networking site that the hacker accessed data from the site's launch in 2005 through May 2007.

On June 19, Reddit staff learned that an attacker compromised the accounts of employees between June 14 and 18 by using the cloud and source code hosting providers. The platform noted that SMS-based two-factor authentication was clearly not as effective as using an authenticator app.

It took Reddit over a month to come forward with the confirmation of the breach, so it's likely that they now have a pretty good idea of what went on.

Dan Coats’s subtle-yet-stunning admission about Trump’s meeting with Putin
Stewart asked. "The thing we have to decide is does Vladimir Putin know the answer to that question". Mr Bolton stepped forward to maintain that it had been discussed.

Australia, NZ firefighters fly out to battle deadly California wildfires
The fire, which is almost twice the size of Sacramento, was only partially contained after more than a week. The two fires have killed eight people, with the Carr Fire alone responsible for six of the deaths.

National Archives: We can't produce all Kavanaugh docs until end of October
Republicans have been hesitant to request those records, however, and have accused Democrats of engaging in stalling tactics. But they don't contain the broader cache of files being sought by Democrats from Kavanaugh's time as Bush's staff secretary.

There are two parts to this story - who is affected and the weakness the company says led to the breach itself.

If it's the latter then the risk here would be for the probably small group of users who haven't changed their password since then or did change it but used it on other sites without updating it there too.

There were two main bits of info stolen in the Reddit attack.

That means they not only have to enter a password to log in, but they also need to receive a special code sent via text.

Anyone anxious about this can remove some or all of that data by following these help instructions. The company said that since the intrusion it has bolstered its monitoring systems and has reported the breach to law enforcement, which is investigating.

Furthermore, two-factor authentication is something that everyone should be using by now.

Recent Reddit users aren't entirely out of the woods, either.

The internet is forever, and, yes, that apparently includes your old Reddit private messages.

Latest News