Reddit informed its users today that a hacker broke into some of its systems and accessed user data, including current email addresses and a 2007 database that contained usernames and passwords that were already salted and hashed (or scrambled for protection). Reddit is sending an email to all affected users — mostly people who joined Reddit in 2007 or earlier. The hacker was also able to read the email digests Reddit sent out in June 2018 as well, so they could see users’ email addresses and relevant, safe-for-work subreddits they followed. Reddit is recommending users who may still be using passwords similar to the ones they had in 2007 to change their password on Reddit and other sites. The company is also encouraging users to enable token-based two-factor authentication through a service like Authy or Google’s Authenticator, as the hacker gained access to Reddit’s systems through an SMS intercept attack. “We learned that SMS-based authentication is not nearly as secure as we would hope,” Reddit wrote in its post to users. Between June 14th and June 18th, the hacker compromised several Reddit employees’ accounts through the company’s cloud provider and source cost hosts. Reddit had required two-factor authentication on its accounts but the hacker intercepted the SMS verification and was able to gain access. The bad actor was able to see backup data, source code, and other employee logs in Reddit systems, but did not have access to changing any of it. By June 19th, Reddit discovered the attack and… [Read full story]
The Verge is an ambitious multimedia effort founded in 2011 to examine how technology will change life in the future for a massive mainstream audience.
Our original editorial insight was that technology had migrated from the far fringes of the culture to the absolute center as mobile technology created a new generation of digital consumers. Now, we live in a dazzling world of screens that has ushered in revolutions in media, transportation, and science. The future is arriving faster than ever.