Reddit is warning its users of a security breach: a hacker broke into some of the platform's systems and accessed user data.
The attacker obtained current email addresses and a 2007 backup of the user database containing salted and hashed passwords.
According to Reddit, the breach was discovered on June 19, 2018. Between June 14 and 18, 2018, the attacker compromised the accounts of several employees at the company's cloud and source code hosting providers.
“A hacker broke into a few of Reddit’s systems and managed to access some user data, including some current email addresses and a 2007 database backup containing old salted and hashed passwords. Since then we’ve been conducting a painstaking investigation to figure out just what was accessed, and to improve our systems and processes to prevent this from happening again.” reads a data breach notification published by the company.
Reddit users who have not changed their password since 2007 should do so now, and should also change it on any other service where they reused the same credentials.
The attacker gained only read access to the Reddit systems holding backup data, source code, and other logs; Reddit states that no write access was obtained.
The company explained that the compromised accounts were protected by SMS-based two-factor authentication, which means the attackers were able to intercept the one-time codes delivered over SMS.
“Already having our primary access points for code and infrastructure behind strong authentication requiring two factor authentication (2FA), we learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept. We point this out to encourage everyone here to move to token-based 2FA.” continues Reddit.
The company has taken steps to lock down and rotate all production secrets and API keys, and to enhance its monitoring systems.
Reddit has already reported the security breach to law enforcement and is notifying affected users, urging them to change their passwords.
Let me close with this Q&A published by Reddit:
What information was involved?
Since June 19, we’ve been working with cloud and source code hosting providers to get the best possible understanding of what data the attacker accessed. We want you to know about two key areas of user data that were accessed: