Monday, February 10, 2025
Homecyber securityReddit Massive Hack - Multiple Subreddits Compromised Posting pro-Trump Messages

Reddit Massive Hack – Multiple Subreddits Compromised Posting pro-Trump Messages

Published on

SIEM as a Service

Follow Us on Google News

Reddit suffered a massive hack, multiple subreddits have been defaced during the last 24 hours, and the attackers posted messages supporting Donald Trump’s reelection campaign.

Reddit administrators urged users to enable two-factor authentication (2FA) on their accounts and to change their passwords.

The campaign is an ongoing incident with moderator accounts being compromised and used to vandalize subreddits. We’re working on locking down the bad actors and reverting the changes, said Reddit Admin.

Following are some of the impacted subreddits;

r/NFL
r/CFB (Canadian Football League)
r/TPB (The Pirate Bay’s Reddit channel)
r/BlackMirror (TV show)
/r/Buffy (TV show)
r/Avengers (Movie franchise)
r/Vancouver (city)
r/Dallas (city)
r/Plano (city)
r/Japan
r/Gorillaz (music band)
r/Podcasts
/r/Disneyland
r/49ers (NFL team)
/r/BostonCeltics (NBA team)
r/Leafs (Toronto Mapple Leafs)
/r/EDM (electronic dance music channel)
/r/Food
r/Beer
r/Renting
r/Lockpicking
r/Subaru (car maker)
r/freefolk (Game of Thrones fan channel)
r/Space
r/ISS
r/DestinyTheGame (video game)
r/LawSchool
r/StartledCats
r/TheDailyZeitgeist
r/Supernatural
/r/Naruto
/r/RupaulsDragRace
r/GRE
r/GMAT
r/greatbritishbakeoff
r/11foot8
r/truecrimepodcasts
r/comedyheaven
r/weddingplanning
r/Chadsriseup
r/BertStrips
r/KingkillerChronicle (book series)
r/PoliticalDiscussion
r/MadLads
r/DNDMemes
r/woodpaneled
r/telescopes
r/WeAreTheMusicMakers
r/DeTrashed
r/Samurai8
r/3amjokes
r/ANGEL
r/PhotoshopBattles
r/Animemes
r/comedyheaven/
r/awwducational
r/gamemusic
r/hentaimemes
r/ShitAmericansSay
r/ShitPostCrusaders
r/SweatyPalms
r/Locklot
r/BadHistory
r/CrewsCrew/
r/ListenToThis
r/PokemonGOBattleLeague
r/FacingTheirParenting
r/TwoSentenceHorror
r/BookSuggestions
r/FreezingFuckingCold/
r/woof_irl
r/BurningAsFuck
r/ImagineThisView
r/AnotherClosetAtheist
r/CasualTodayILearned
r/ShowerBeer
r/TookTooMuch
r/DallasProtests/
r/BannedFromClubPenguin
r/creepyPMs
r/RedditDayOf
r/AquaticAsFuck
r/HeavyFuckingWind/
r/BlackPeopleTwitter
r/HuskersRisk
r/Fireteams/
r/LuxuryLifeHabits
r/IRLEasterEggs
r/nononono
r/nonononoyes
r/ThatsInsane

According to reports number of subreddits accounts has been compromised by the hackers and they also tweeted that Reddit mods’s and easy to take over.

  • Reddit moderators are advised to look for the following signs to check for account compromise.
  • You received an email notification that the password and/or email address on your account changed but you didn’t request changes.
  • You notice authorized apps on your profile that you don’t recognize.
  • You notice unusual IP history on your account activity page.
  • You see votes, posts, comments, or moderation actions that you don’t remember making or private messages that you don’t remember sending.

“We have officially confirmed that none of the accounts that were compromised had 2fa enabled at the time of the compromise”, Reddit said.

Reddit sent out a notification to all affected account owners and helping them to get account access back.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

New ‘BYOTB’ Attack Exploits Trusted Binaries to Evade Detection, Researchers Reveal

A recent cybersecurity presentation at BSides London 2024 has unveiled a sophisticated attack technique...

SAML Bypass Authentication on GitHub Enterprise Servers to Login as Other User Account

A severe security vulnerability, tracked as CVE-2025-23369, has been identified in GitHub Enterprise Server...

NanoCore RAT Attack Windows Using Task Scheduler to Captures keystrokes, screenshots

NanoCore, a notorious Remote Access Trojan (RAT), continues to pose a significant threat to...

Hackers Exploiting Google Tag Managers to Steal Credit Card from eCommerce Sites

In a concerning development, cybercriminals are leveraging Google Tag Manager (GTM), a legitimate tool...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

New ‘BYOTB’ Attack Exploits Trusted Binaries to Evade Detection, Researchers Reveal

A recent cybersecurity presentation at BSides London 2024 has unveiled a sophisticated attack technique...

SAML Bypass Authentication on GitHub Enterprise Servers to Login as Other User Account

A severe security vulnerability, tracked as CVE-2025-23369, has been identified in GitHub Enterprise Server...

NanoCore RAT Attack Windows Using Task Scheduler to Captures keystrokes, screenshots

NanoCore, a notorious Remote Access Trojan (RAT), continues to pose a significant threat to...