Redditors woke up to news of a Reddit security breach today. According to the community-based platform, a hacker managed to break into Reddit’s system and access user data between June 14 and June 18. The hacker got a hold of current email addresses and a 2007 database with salted and hashed user credentials.
Reddit Security Breach – What We Know So Far
Here is what we know about the security breach:
- Reddit uses a two-factor-authentication process for the primary access points of its infrastructure and code.
- Part of that authentication process was SMS-based.
- The hacker was able to get access through SMS interception.
- The hacker did not gain write access to the platform’s systems.
- They were able to get read-only access to some systems that contained logs, source code, and backup data.
- Reddit has already taken action to fortify and enhance their systems.
What Was Stolen
Reddit was very clear about what user-specific data the hacker was able to get access to, pinpointing 2 specific databases:
Reddit Data From 2007 and earlier.
According to the post they released, the hacker managed to get all of Reddit’s data from 2007. This data includes the credentials and email addresses of the users in it.
For those of you who don’t know, Reddit launched in 2005. That means that the data the hacker got access to includes 2 years’ worth of user information. According to Reddit, the credentials stolen are backups of the account credentials and have been salted and hashed.
If you’ve been a loyal Redditor from the get-go and are worried about your data, relax. Currently, Reddit is sending out messages to the affected users. So check your emails and your private messages if you think you might have been one of the affected users.
Reddit’s June 2018 Email Digest
Between June 3rd and June 17th, Reddit sent out its June 2018 email digest for users who’ve opted to receive such notifications. The hacker was able to get access to the logs of the digest emails.
The logs connect usernames to their associated email address. Any Redditor on this digest list is at risk.
What to Do if You Were Affected by the Reddit Security Breach
- If you’re an old user who still uses the same password, Reddit will be making you reset your password.
- Change your password on other sites and platforms if it’s the same as the one you used on Reddit between 2005 and 2007.
- Check your Reddit account to see if there’s anything you don’t want to associate with your email. Reddit has some helpful guides on how to do that.
- Change your password even if you’re a new Reddit user and opt for the 2FA security measure.
- Use a VPN when using Reddit, or when you’re online in general.
- Have a burner email made specifically for subscriptions and community platforms. That way, a leak like this one exposes the burner address rather than your personal one.
Reddit Security Breach – Final Thoughts
I have to hand it to Reddit, they handled the situation with exceptional poise. They conducted a full investigation, got their data in order, and then informed their users of what was going on. Reddit provided a lot of details in their post to make sure that all users know what they should do next. This is a level of transparency that I hope we’d be able to see more of from other communities and social platforms online.