Reddit announced today as it suffered a data breach in June, hackers compromised the (2FA) enabled employees’ accounts and gained read access to the Reddit systems.
Reddit CTO Chris Slowe says “between June 14 and June 18, an attacker compromised a few of our employees’ accounts with our cloud and source code hosting providers.”
From this attack it shows the SMS-based authentication is not enough as the attacker’s intercept the SMS messages, if you have not moved to token-based 2FA it’s a wake-up call.
“They were not able to alter Reddit information, and we have taken steps since the event to further lock down and rotate all production secrets and API keys, and to enhance our logging and monitoring systems.”
Email Address and credentials Accessed – Reddit Data Breach
Hackers accessed an old database backup copy that contains Reddit’s user data such as the Email address, username, salted hashed passwords and all content (mostly public, but also private messages) from way back then.
Reddit CTO Chris Slowe says the database is very old one from 2005 through May 2007 and Reddit started sending a message to affected users and resetting passwords on accounts where the credentials might still be valid.
The hack attack took place between June 14 and June 18 and Reddit reads the attack On June 19 and Reddit confirms the attackers gained read-only access. If you have signed up to Reddit after 2007 there is nothing to worry about.
As the attacker had read access to our storage systems, other data was accessed such as Reddit source code, internal logs, configuration files and other employee workspace files, but these two areas are the most significant categories of user data.