Reddit announced today as it suffered a data breach in June, hackers compromised the (2FA) enabled employees’ accounts and gained read access to the Reddit systems.
Reddit CTO Chris Slowe says “between June 14 and June 18, an attacker compromised a few of our employees’ accounts with our cloud and source code hosting providers.”
From this attack it shows the SMS-based authentication is not enough as the attacker’s intercept the SMS messages, if you have not moved to token-based 2FA it’s a wake-up call.
“They were not able to alter Reddit information, and we have taken steps since the event to further lock down and rotate all production secrets and API keys, and to enhance our logging and monitoring systems.”
Hackers accessed an old database backup copy that contains Reddit’s user data such as the Email address, username, salted hashed passwords and all content (mostly public, but also private messages) from way back then.
Reddit CTO Chris Slowe says the database is very old one from 2005 through May 2007 and Reddit started sending a message to affected users and resetting passwords on accounts where the credentials might still be valid.
The hack attack took place between June 14 and June 18 and Reddit reads the attack On June 19 and Reddit confirms the attackers gained read-only access. If you have signed up to Reddit after 2007 there is nothing to worry about.
As the attacker had read access to our storage systems, other data was accessed such as Reddit source code, internal logs, configuration files and other employee workspace files, but these two areas are the most significant categories of user data.
Also Read
157 GB of Sensitive Data From Top Manufacturer Including Ford, Toyota, GM, Tesla Exposed Online.
Massive Data Breach – Hackers Stolen More than 1.5 Million Patients Personal Details.
The Evasive Panda group deployed a new C# framework named CloudScout to target a Taiwanese…
Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals in…
The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215 against…
Researchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors to…
A security researcher discovered a vulnerability in Windows theme files in the previous year, which…
The ongoing Meta malvertising campaign, active for over a month, employs an evolving strategy to…