Reddit Data Breach
News | 08/07/2018

Reddit Data Breach! Hackers gain access to user data & email addresses!

About: Hackers gained a read only access to reddit’s old database containing usernames and salted hashed passwords, including public and private messages on the site from 2005 to May 2007. The email addresses of users subscribed to email digests in June 2...  Read More  

| News | Reddit Data Breach! Hackers gain access to user data & email addresses!

Online Community site, Reddit, informed its users that the company’s servers were breached by hackers, who had gained access to user data. The data breach was accomplished by successfully bypassing or circumventing the SMS based authentication on Reddit servers.

Reddit data breach inside image

The hacker was able to obtain information about some current email addresses and a backup database from 2007 which contained old salted hashed passwords.

The data breach occurred between June 14 and June 18 of which the company learned about on June 19. The attacker was able to compromise a few employee accounts with the company’s cloud and source code hosting providers. The Company has its primary access points for code and infrastructure behind strong authentication that requires two factor authentication (2FA).

The attacker gained read-only access to some of Reddit systems that contained source code, backup data and other logs. This was a serious attack on the Reddit systems and if the attacker had gained write access, the consequences would have been worse.

What Information was stolen by the Reddit data breach?

Reddit informed users that a complete copy of an old database backup which contained early Reddit user data was stolen. This includes everything from the site’s launch in 2005 to May 2007. The Site was in its early stages at that time and the backup database did not have anything of significance other then account credentials with usernames and salted hashed passwords, emails addresses and all the content on the site including all public messages and some private messages.

The Logs containing email digests sent by Reddit from 3 June 2018 to 17 June 2018 were stolen as well. The digests are sent to users on their linked emails addresses with their Reddit accounts. The Digest contained the email itself with the suggested posts was stolen alongside the logs. The Email digest contains the user’s preferences for the latest news stories and posts for which they want to be informed about via email.

Reddit Data Breach Email Digests

Reddit Data Breach affected Reddit Source Code, configuration files, internal logs and employee workspace files were also compromised apart from the significant user data.

Users affected by Reddit data breach

Users who have been registered with Reddit since its early days are affected by this security breach. Reddit is sending a message to all the affected users where the credentials are still valid and the users active.

Users subscribed to the email digests are affected by the breach as their information is leaked. Those not subscribed to reddit’s noreply mail are safe.

Steps taken by Reddit after the Data Breach

Reddit has informed the law enforcement agencies about this data breach who are investigating the matter.

Users are being alerted about their credentials if the data stolen contains the current passwords in use, informing users to change their passwords so as to keep their account private.

Reddit has added extra encryptions to its privileged access points to Reddit’s systems and it now requires token based 2FA instead of the outdated SMS 2FA authentication. After this incident Reddit has stopped using SMS 2FA for all purposes and are sticking to authenticator apps for 2FA.

Hits: 133

Leave a Reply

Your email address will not be published. Required fields are marked *

Did you find the article informative? Yes NO

Get Regular Updates Related to All the Threats

Want to stay informed about the latest threats & malware? Sign up for our newsletter & learn how to get rid of all types of threats from your computer.

Virus Removal Guidelines
Plot No 319, Nandpuri- B Pratap Nagar
Jaipur
Rajasthan 302033
Phone: +91 9799661866