Reddit hack exposes old private messages

Reddit hack exposes old private messages

The former consists of "very early Reddit user data" from Reddit's launch in 2005 through May 2007 and included usernames, email addresses, posts, private messages and salted hashed passwords, while the latter consisted of account names and email addresses.

'If your email address was affected, think about whether there's anything on your Reddit account that you wouldn't want to be associated back to that address'.

The hacker did not gain write access to its systems, meaning they were unable to alter Reddit information.

A hacker managed to break into Reddit's systems, exposing user info.

The fact the attackers also gained access to some Reddit source code nearly feels like a small loss even though that is anything but the case.

As already mentioned, there's also a risk that should the compromised email addresses and usernames leak into the public domain - a likely event on past experience - the world will be able to associate comments with an email identity. Together, these details could.

Additionally, the attacker gained access to logs containing email digests sent by Reddit to users between June 3 and June 17, 2018. If you meet the criteria mentioned in the full breakdown, you should probably change your Reddit password - and you should probably look into two-factor authentication, either way.

Real Madrid president Florentino protests? Modric camp spotted in Milan
But, should Inter hope to sign Modric, they will have to play €750m according to Real Madrid president Perez. They have completed a loan deal for Modric's worldwide teammate Sime Vrsaljko from Atletico Madrid.

Ohio State using 'special, independent board' to run Urban Meyer investigation
When Meyer was hired by the Buckeyes, Smith again joined the staff as a receivers coach and ace recruiter. "Not just NFL-college. In fact, Courtney Smith said of the 2015 incident, " All the [coaches'] wives knew".

US Food and Drug Administration warns against vaginal rejuvenation devices
Some of the companies such as Cynosure that is owned by Hologic Inc. state that they have based their treatments on science. He said the agency doesn't know the extent of the risks because it hasn't reviewed the devices for such procedures.

The attacker wasn't able to make any changes to Reddit, but they gained access to private user files.

For users whose account credentials were compromised, Reddit will force a password reset.

Reddit said the hacker performed an SMS intercept attack for the phone numbers of some of its employees and intercepted the 2FA codes necessary to access the employees' accounts. Already having our primary access points for code and infrastructure behind strong authentication requiring two-factor authentication (2FA), we learned that SMS-based authentication is not almost as secure as we would hope, and the main attack was via SMS intercept.

Nevertheless, the breach is raising alarm bells in the IT security community because the attacker did so by breaking into employee accounts that were supposedly protected by two-factor authentication.

Of particular note is that although the Reddit employee accounts tied to the breach were protected by SMS-based two-factor authentication, the intruder (s) managed to intercept that second factor. Otherwise, the company recommends that users search their inboxes for emails sent by noreply@redditmail.com between June 3 and June 17 to learn if they were affected. "Although it's hard to crack those passwords, once cracked, the chances are much greater that they will also be added to a dictionary in a future "credential stuffing attack".

The company has reported the security breach to law enforcement and has started the process to notify the affected users. Security researchers in recent years have warned against using SMS-based 2FA systems.

Related Articles