Monday, March 31, 2025
HomeData BreachReddit Data Breach - Hackers Stolen Users' Email Address and Credentials

Reddit Data Breach – Hackers Stolen Users’ Email Address and Credentials

Published on

SIEM as a Service

Follow Us on Google News

Reddit announced today as it suffered a data breach in June, hackers compromised the (2FA) enabled employees’ accounts and gained read access to the Reddit systems.

Reddit CTO Chris Slowe says “between June 14 and June 18, an attacker compromised a few of our employees’ accounts with our cloud and source code hosting providers.”

From this attack it shows the SMS-based authentication is not enough as the attacker’s intercept the SMS messages, if you have not moved to token-based 2FA it’s a wake-up call.

“They were not able to alter Reddit information, and we have taken steps since the event to further lock down and rotate all production secrets and API keys, and to enhance our logging and monitoring systems.”

Email Address and credentials Accessed – Reddit Data Breach

Hackers accessed an old database backup copy that contains Reddit’s user data such as the Email address, username, salted hashed passwords and all content (mostly public, but also private messages) from way back then.

Reddit CTO Chris Slowe says the database is very old one from 2005 through May 2007 and Reddit started sending a message to affected users and resetting passwords on accounts where the credentials might still be valid.

We had a security incident. Here’s what you need to know.
byu/KeyserSosa inannouncements

The hack attack took place between June 14 and June 18 and Reddit reads the attack On June 19 and Reddit confirms the attackers gained read-only access. If you have signed up to Reddit after 2007 there is nothing to worry about.

As the attacker had read access to our storage systems, other data was accessed such as Reddit source code, internal logs, configuration files and other employee workspace files, but these two areas are the most significant categories of user data.

Also Read

157 GB of Sensitive Data From Top Manufacturer Including Ford, Toyota, GM, Tesla Exposed Online.

Massive Data Breach – Hackers Stolen More than 1.5 Million Patients Personal Details.

Thousands of US Voters Personal Data Leaked Online Again.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

U.S. DOJ Seizes $8.2 Million from Hackers Linked to Pig Butchering Scam

The U.S. Department of Justice has successfully seized over $8.2 million in cryptocurrency tied...

Gamaredon Hackers Weaponize LNK Files to Deliver Remcos Backdoor

Cisco Talos has uncovered an ongoing cyber campaign by the Gamaredon threat actor group,...

“Crocodilus” A New Malware Targeting Android Devices for Full Takeover

Researchers have uncovered a dangerous new mobile banking Trojan dubbed Crocodilus actively targeting financial...

SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk

From WannaCry to the MGM Resorts Hack, ransomware remains one of the most damaging...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Blacklock Ransomware Infrastructure Breached, Revealing Planned Attacks

Resecurity, a prominent cybersecurity firm, has successfully exploited a vulnerability in the Data Leak...

Massive Data Breach Hits NSW Online Registry: 9,000+ Files Stolen

A major cybersecurity incident has struck the New South Wales court system, as cybercrime...

Four Members of Hacker Group Behind 90 Worldwide Data Breaches Exposed

A recent investigation by Group-IB has shed light on a notorious cybercriminal operating under...