Hackers compromised systems and stole a cache of user data from Reddit, but the information would only jeopardize your account if you haven’t changed your password in 11 years. The stolen information included current email addresses, the popular news-sharing site said on Wednesday. But the passwords they nabbed were old — from 2007. That means now is the time to act if you haven’t changed your Reddit password in more than a decade. And if you were using that password somewhere else, it might be a good idea to change your credentials there, as well. The hack took place in mid-June and the company discovered the breach on June 19. “Since then we’ve been conducting a painstaking investigation to figure out just what was accessed, and to improve our systems and processes to prevent this from happening again,” Christopher Slowe, Reddit chief technology officer and founding engineer, in a post — where else? — on Reddit. Slowe, whose username on Reddit is u/KeyserSosa, said the breach was possible because Reddit was using an outdated form of two-factor authentication on its employee accounts. When logging in to their accounts, Reddit workers received an SMS message with a one-time code to enter after their password. This SMS-based version is no longer considered safe because it’s considered too too easy for attackers to intercept the texts. That’s what appears to have happened at Reddit. “We learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via… [Read full story]
You are here: / / Still using a from 2007 on Reddit? Change it now, because Reddit was hacked.
CNET is an American media website that publishes reviews, news, articles, blogs, podcasts and videos on technology and consumer electronics globally.