According to chief technology officer Christopher Slowe, Reddit—the fifth-most trafficked website in the U.S.—suffered a data breach at the hands of a hacker or a group of hackers between June 14 and June 18. Veteran users of the “frontpage of the internet” should consider securing their accounts. In a post to r/announcements, Slowe explains that while Reddit employees use two-factor authentication to secure their credentials to the site, the attack relied on intercepting text messages that were supposed to reach those employees containing single-use login codes. “We learned that SMS-based authentication is not nearly as secure as we would hope,” Slowe wrote. While the site’s systems remained inaccessible to the attacker(s), “they gained read-only access to some systems that contained backup data, source code and other logs.” The site is taking measures to tighten its security. Unfortunately, the hacker(s) did managed to exfiltrate a few things. Among them, a batch of old user data spanning from the site’s launch in 2005 to May 2007. Although the passwords contained in the data were hashed and salted, the user data also included messages, both private and public, usernames, and associated email addresses. Subscribers to Reddit email digests during June of this year are also included in Slowe’s post—meaning the email address those digests were delivered to and the connected usernames were also accessed. According to Slowe, all affected users will receive an email and will be prompted to change their passwords. Whether or not you received such an email, it’s still a… [Read full story]
You are here: / / Reddit Hacked, Some User Data Stolen
Gizmodo is a design, technology, science and science fiction website that also features articles on politics. It was originally launched as part of the Gawker Media network run by Nick Denton, and runs on the Kinja platform.