Hackers break into Reddit’s systems
2 August 2018 | 0
Global online forum Reddit has revealed a hacker broke into a few of its systems, accessing user data between 14 June and 18 June.
According to an announcement issued today, current e-mail addresses and a 2007 database backup containing old salted and hashed passwords have been accessed.
“On June 19, we learned that between June 14 and June 18, an attacker compromised a few of our employees’ accounts with our cloud and source code hosting providers,” according to Reddit.
“Already having our primary access points for code and infrastructure behind strong authentication requiring two factor authentication (2FA), we learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept. We point this out to encourage everyone here to move to token-based 2FA.”
Reddit said that the hacker did not gain write access to its systems only read-only access to some systems that contained backup data, source code and other logs.
A complete copy of an old database backup containing early Reddit user data – from the site’s launch in 2005 through May 2007 was accessed.
According to Reddit the most significant data contained in this backup are account credentials (username + salted hashed passwords), e-mail addresses, and all content (mostly public, but also private messages) from way back then.
Also accessed were logs containing the e-mail digests Reddit sent between 3 June and 17 June 2018.
The digests connect a username to the associated e-mail address and contain suggested posts from select popular and safe-for-work subreddits.
As the attacker had read access to our storage systems, other data was accessed such as Reddit source code, internal logs, configuration files and other employee workspace files, but these two areas are the most significant categories of user data,” it said.
Reddit has reported the issue to law enforcement, it is letting users know and is taking measures to guarantee that additional points of privileged access to Reddit’s systems are more secure.
IDG News Service