Someone is creating the panic on Reddits, a mysterious user behind the name TehBVM (@TehBVM) claims to have already popped more than 100 Reddit subreddits. The user already targeted subreddits related to Battlefield One game, Marvel Studios, Star Wars, How to Hack, and Game of Thrones, he also defaced popular subreddits like TIFU (today I f**ked up).
The hacker spent the last weeks hijacking Reddit moderator accounts and defacing their subreddit pages, changing cover images and CSS.
Which is the motivation behind the defacements?
Apparently, TehBVM is doing it partly to demonstrate the lack of security posture of Reddit, the hacker hasn’t disclosed personal information belonging to the Reddit users.
TehBVM did not explain how he compromised the Reddit accounts the unique certainly seems to be that he hasn’t launched a brute force attack against the platform. It is likely that the hacker is using login credentials related to other data breaches with the hope that users have shared it among multiple online services.
Clearly this kind of incidents could be simply avoided by introducing a two-factor authentication mechanism.
Reddit has already planned the introduction of the 2FA feature, but it is still to develop a beta.
The lack of a strong authentication method was already exploited in the past by hackers, in 2013 other subreddits have been popped in similar circumstances.
(Security Affairs – Reddit, hacking)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.