I am sure you’d be surprised to hear that Reddit, the popular news aggregator website Reddit suffered series of data breach between the 14 and 18th of June. Reddit however, isn’t forthcoming on revealing the amount of user data that got compromised due to the data breach but have stressed that the breach should be taken seriously. So yes, when I heard you scream Reddit Hacked! I am sorry but its true.
What Were Affected on The Reddit Hack?
As disclosed by the company, the perpetrators of this modern day cyber-crime were able to compromise the company’s (Reddit’s) employee accounts which enabled them to have unrestricted access in acquiring some current email addresses and logs of “email digests” sent between June 3 and June 17.
And also a database dump dating as far back as 11 years ago (2007) containing usernames, hashed passwords, and all content including some messages which are believed to be confidential.
The hacker was able to bypass Reddit’s SMS-based 2FA that was being used by its employees by intercepting SMS.
Despite Reddit’s 2-factor authentication (Which is SMS-Based), the hacker was still able to bypass the company’s security which sources revealed that it was possible because an employee was using the authenticator during the hack. The hacker was able to bypass Reddit’s SMS-based 2FA that was being used by its employees by intercepting SMS. And as a way of counting their loses, healing their wounds, making/taking necessary arrangements and precautions, Reddit has decided to go with Reddit wants to implement token-based 2FA which will be more ideal because it’s on a small hardware.
How to Know if you’re Affected Due to the Reddit Hack?
This is a simple way to determine if you as a Reddit user was affected by the Reddit hack:
If you have your email address tied to your username and were subscribed to the “email digest” during the mentioned dates, then you are affected. You can also check for emails from [email protected] between June 3 and June 17. However, Reddit claims that users who opened their after 2007 aren’t affected.
For the compromised account credentials which may still be valid, Reddit is informing users individually and resetting passwords. Users can visit this Reddit’s help page to remove any associated data they think is important.
And just as a precaution, if your Reddit account was compromised, it is advised that you also change your other websites password(s), especially if they are the same match as to the ones you use on Reddit.