If you’re anything like me, you’ll probably check Reddit on a regular basis. I set up my account in 2013 and I use it for work and for personal use, so I was quite concerned to see that Reddit had a security breach, despite having two-factor security authentications in place.
Reddit Data Breach – Nothing Too Bad Was Stolen
According to Reddit, the hacker only gained access to some old data stored as backup. The data included some hashed-up passwords dating back to 2007 (perhaps time to change your password if you haven’t changed yours since then). Other data included email digests, which means they could make associations between usernames and email addresses. The other data was the source code for Reddit and internal logs along with employee files.
Still a Serious Security Breach
The security breach is still serious, even though the information stolen was in a read-only format dating back to 2007. The attack happened between June 14 and June 18 of this year. Reddit informed the public on Wednesday, revealing all the information they’ve been able to obtain through the investigation.
Reddit has reported the issue and are cooperating with the investigation being carried out by law enforcement. They also announced that all affected users will be sent an email and resetting all passwords on any account if the credentials are valid. There’s no need to be concerned if you signed up after 2007.
New measures are being taken to guarantee the security of Reddit, which include:
- Enhanced logging system
- Further encryption asking for a token based 2FA
Reddit discovered that the hack was most likely achieved via the SMS based authentication, which is why the change to token based 2FA is being made.
Reddit Users Dating to 2007
If you’re a long time user of the first page of the Internet you are recommended to change your password. Your password should also be changed on any other websites that you use it on alongside the same email used on Reddit. You can also take steps to remove any information on your Reddit account that you don’t want to have associated to your email address.