Reddit announced today as it suffered a data breach in June, hackers compromised the (2FA) enabled employees’ accounts and gained read access to the Reddit systems.
Reddit CTO Chris Slowe says “between June 14 and June 18, an attacker compromised a few of our employees’ accounts with our cloud and source code hosting providers.”
From this attack it shows the SMS-based authentication is not enough as the attacker’s intercept the SMS messages, if you have not moved to token-based 2FA it’s a wake-up call.
“They were not able to alter Reddit information, and we have taken steps since the event to further lock down and rotate all production secrets and API keys, and to enhance our logging and monitoring systems.”
Hackers accessed an old database backup copy that contains Reddit’s user data such as the Email address, username, salted hashed passwords and all content (mostly public, but also private messages) from way back then.
Reddit CTO Chris Slowe says the database is very old one from 2005 through May 2007 and Reddit started sending a message to affected users and resetting passwords on accounts where the credentials might still be valid.
The hack attack took place between June 14 and June 18 and Reddit reads the attack On June 19 and Reddit confirms the attackers gained read-only access. If you have signed up to Reddit after 2007 there is nothing to worry about.
As the attacker had read access to our storage systems, other data was accessed such as Reddit source code, internal logs, configuration files and other employee workspace files, but these two areas are the most significant categories of user data.
Also Read
157 GB of Sensitive Data From Top Manufacturer Including Ford, Toyota, GM, Tesla Exposed Online.
Massive Data Breach – Hackers Stolen More than 1.5 Million Patients Personal Details.
Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…
The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ advanced…
A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute…
Meta has announced the removal of over 2 million accounts connected to malicious activities, including…
Critical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content…
A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing…