Reddit, ‘the front page of the Internet’, which has north of 300 million average monthly users, announced on Wednesday that a few of its systems had been breached and that the hacker had managed to gain access to some user data.
The user data accessed included current email addresses and a 2007 database backup containing old salted and hashed passwords.
How did the hacker gain access?
The breach took place between June 14 and June 18 when the hacker compromised a few Reddit employees’ accounts via a two-factor authentication SMS intercept.
“Already having our primary access points for code and infrastructure behind strong authentication requiring two-factor authentication (2FA), we learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept,” writes Christopher Slowe, CTO and Founding Engineer, Reddit.
The attack was deemed a serious one, but the consolation is that the hacker gained only read-only access, not write access, to some systems that contained backup data, source code and other logs. This means that the hacker was unable to alter Reddit information.
The company is now taking steps to better secure its systems by rotating all production secrets and API keys and enhancing its logging and monitoring systems.
User data hacked in the Reddit breach
A complete copy of an old database backup that contained early Reddit user data — from June 2005 through May 2007 — was accessed by the hacker.
The most significant data accessed was account credentials, which include usernames, salted and hashed passwords, email addresses, public and private messages, and all content.
If your information was accessed during the breach, Reddit will send you a private message (PM) or an email and will reset the passwords on accounts that are still active.
Users who signed up on Reddit after 2007 have nothing to worry about as none of their data was accessed.
Other than this, the hacker also gained access to logs containing the email digests that were sent between June 3 and June 17, 2018. These logs contain the digest emails as well as the usernames and email addresses of the users.
If you haven’t linked an email address to your account or if you haven’t subscribed to the ‘email digests’, you’re safe. Otherwise, you should search your inbox for emails from ‘firstname.lastname@example.org’ sent between June 3 and June 17, 2018.
The attacker had read access to Reddit’s storage systems, so he also successfully accessed the website’s source code, internal logs, configuration files and other employee workspace files.
What can you do to safeguard your data?
If your account credentials have been affected, it is wise to reset your Reddit account password. Even if you don’t receive a message or email from Reddit, consider whether you still use the password you used on Reddit 11 years ago on any other website today. If so, it’s recommended that you change the password on those sites immediately too.
If any information has popped up on your Reddit account that you didn’t want to be there, you can find instructions on how to remove information from your account here.
It’s also recommended to keep a strong, unique password for each of your accounts on various websites, including Reddit. You should also consider enabling 2FA on Reddit, which is provided via an authenticator app. And lastly, you should always be alert for potential phishing or scams.
What has Reddit done about it?
Reddit has reported the issue to law enforcement and is cooperating with the investigation. The company is also sending a message to user accounts where the breached credentials reflect the account’s current password.
It has also enhanced the security of its systems by adding more encryption and requiring token-based 2FA to log in. The company blames the weakness of SMS-based 2FA as the main cause of this incident.