- Reddit has confirmed that it was the victim of a cyber-attack in June.
- The attackers gained access to backups containing Reddit user data from 2007.
- Compromised user data includes email addresses, salted hashed passwords, and private messages.
Reddit has announced that it was hacked back in June, with the intruder gaining access to a website backup and user data. From affected accounts to security precautions, here’s everything you should know about the attack.
Are you affected?
The big question is whether you are affected by the intrusion. Fortunately, the hacker or hackers only gained access to backups from May 2007, so if you created your account after this date, you should be in the clear.
Nevertheless, the user data in this backup includes usernames, email addresses, salted hashed passwords, and private messages. Reddit has confirmed that it’s sending messages out to all affected users and resetting their passwords, so keep an eye on both your account inbox and your email inbox.
The hacker also obtained logs of digest emails sent between June 3 and June 17, 2018. The website says the digest emails connect email addresses to usernames.
“If you don’t have an email address associated with your account or your ‘email digests’ user preference was unchecked during that period, you’re not affected,” the company explained. You might also want to search your email inbox for messages from firstname.lastname@example.org, just to be sure.
How did it happen?
According to the social news platform, the hack took place between June 14 and 18, with the intrusion discovered on June 19.
It’s believed that several employee accounts with cloud and source code hosting providers were compromised after their two-factor text messages were intercepted. The platform noted that SMS-based two-factor authentication was clearly not as effective as using an authenticator app.
The website adds that attackers gained read-only access to the data, so they weren’t able to change any information. Nevertheless, the swiped data is still a major concern.
Reddit says it contacted law enforcement and took steps to “rotate all production secrets and API keys, and to enhance our logging and monitoring systems.”
What should you be doing?
If you’re one of the users affected by the Reddit hack, the platform will make you reset your password.
“Whether or not Reddit prompts you to change your password, think about whether you still use the password you used on Reddit 11 years ago on any other sites today,” the company added.
If your email address is affected by the hack, the social news platform has recommended that you delete any potentially sensitive or incriminating content you wouldn’t want associated with the address. It adds that said content can be deleted via this handy page.
Finally, the company has called on users to use a strong password and to enable two-factor authentication via an authenticator app.