Your private information could have been hacked since 2007

Isaac Cain
August 3, 2018

Reddit emailed users and published a post on 1 August to announce that a hacker broke into its systems and accessed user data, including current email addresses and a 2007 database backup with old usernames and passwords that were scrambled (or "salted and hashed") for protection.

"Already having our primary access points for code and infrastructure behind strong authentication requiring two factor authentication, we learned that SMS-based authentication is not nearly as secure as we would hope", said Reddit.

"If your email address was affected, think about whether there's anything on your Reddit account that you wouldn't want associated back to that address", warned Christopher Slowe, Reddit's chief technology officer, in a post on the site.

Attackers also took some other data, including employee files, but users appear to be affected only in the above two areas. Reddit says hackers were able to intercept the platform's SMS-based 2-factor authentication (2FA) system. Email digests sent between June 3 and 17, which contain usernames, email addresses, and info on a selection of popular subreddits you might subscribe to, were also compromised. Together, these details could.

"A complete copy of an old database backup containing very early Reddit user data - from the site's launch in 2005 through May 2007 [was accessed]", explains a statement from the company.

In a bit of frightening news, it has been revealed that Reddit was hacked and important user data was accessed.

The company says it learned of the attack on June 19 and that it took place between June 14 and June 18.

"This is personally identifiable data that's been exposed in what is unequivocally a data breach, why on earth wouldn't you notify people?" said renowned security researcher Troy Hunt, a specialist in data breaches affecting consumers.

If you're unsure if you've received a Reddit digest in June 2018, you can check by searching your email for messages from "noreply@redditmail.com".

"From phishing scams and dictionary attacks - where fraudsters try certain common passwords based on the user's information - to synthetic identities, as little as an email address can go a long way in the hands of a bad actor". If you signed up for Reddit after 2007, you're clear here.

If it's the latter then the risk here would be for the probably small group of users who haven't changed their password since then or did change it but used it on other sites without updating it there too. If you did receive email digests during this period, check your inbox for emails from noreply@redditmail.com between June 3 and June 17.

Furthermore, two-factor authentication is something that everyone should be using by now. The company also included instructions for users to remove their Reddit data.

Popularity often makes a website a juicy target for hackers, however, and Reddit's now found itself an unwitting victim.
