Sci-tech

Heads Up: Your Ancient Reddit Password is Compromised

Heads Up: Your Ancient Reddit Password is Compromised”

If there is, they might want to remove that information (posts, drafts, comments, private messages, chat messages) from the account.

"As the attacker had read access to our storage systems, other data was accessed such as Reddit source code, internal logs, configuration files and other employee workspace files, but these two areas are the most significant categories of user data", the company noted.

Reddit breach - how did the hacker get into Reddit's systems? Following an investigation, Reddit discovered that the attacker must have gained access to the SMS 2FA codes the employees would use to authenticate to those cloud hosting accounts.

Logs containing the email digests Reddit delivered between June 3 and June 17 of this year were also accessed.

"Already having our primary access points for code and infrastructure behind strong authentication requiring two factor authentication (2FA), we learned that SMS-based authentication is not almost as secure as we would hope, and the main attack was via SMS intercept", Reddit disclosed.

As a result, Reddit is now switching to a token system - which involves buying a physical fob that produces log-in codes instead. (After several notable phishing attacks, Google moved from SMS and app-based authentication to physical security keys in 2017, and has not seen a successful attack since.) The SMS codes were intercepted, and the hacker was able to access some Reddit data.

The US National Institute for Standards and Technology (NIST) has advised against using SMS-based 2FA, and academics have bypassed SMS-based 2FA for a few years now, but in recent weeks, SMS-based 2FA has been proven to be broken in the real world [1, 2].

Reddit logs
Reddit logs

The social platform said that all users whose data the hacker had taken would be notified via a Reddit message.

Reddit has confirmed that it was the victim of a cyber-attack in June.

When asked by the BBC, a spokesperson for Reddit refused to share any estimate for how many users may be affected. Is is there that you'll find the instructions you seek for the deleting of content you wish to delete. On Wednesday Reddit began informing users who may be included in this dataset.

It's been reported that this trove could be far larger than the first and may help the attackers unmask anonymous users by linking their pseudonym to their username and email address.

The second part of the breach potentially affects all users but is potentially less damaging.

The incident also exposed the email addresses of some users who had signed up to receive daily email digests of specific discussion threads.

This data includes usernames and email addresses linked to those accounts.



Like this

loading...
loading...

Latest


03 August 2018
Manchester United lodge big bid for Real Madrid's Mateo Kovacic
The Frenchman has been out of a job since leaving Real Madrid a few days after picking up a third straight Champions League crown. However, Bayern apparently have other ideas and want United to give them €55m for Boateng. "I think we have very good players".

03 August 2018
Chelsea offer star man chance to be club’s highest earner of all
The Belgian global has attracted interest from Spanish giants Real Madrid and has expressed his desire to join the Los Blancos. It seems like the 25-year-old can't do anything nowadays without the internet latching on to it with a vice-like grip.

03 August 2018
Trump at rally makes false claim on photo IDs for…
He also advocated for requiring voters to present photo identification, even though Florida already has such a law on the books. Rick Scott Tuesday as "a tremendous guy" and "a friend of mine for a long time " as he prepared to endorse U.S.

03 August 2018
GOP rep. dismisses Trump shutdown talk as 'posturing'
McConnell says the Senate is taking steps toward "funding the government in a timely and orderly manner". Border security is a commitment that doesn't have an expiration date.

03 August 2018
West Nile Virus found in London trap
About one out of 150 infected people develop swelling of the brain or brain tissue, that in some cases, can result in death. Blood donations are screened for West Nile prior to distribution, to ensure that the blood supply is safe from the virus.

03 August 2018
US officials raise alarm about election interference ahead of midterms
As the president works towards reelection, he says he will continue pushing for improvement in urban areas of the country. Also on Wednesday, counsel to the president, Jay Sekulow, told Fox News that the president's tweet was not an order.

02 August 2018
Trump tweet on Muller probe "opinion not order": White House
Six Republican senators going into a vote on Wednesday disapproved of Trump's tweet calling for an end to the probe. He said the timing of the Manafort trial played no role in Trump's views.

02 August 2018
Iran's currency crisis triggers corruption crackdown
Its national currency Iranian Rial crashing to its record low level against US Dollar with one USD quoting 44160 Iranian Rial. In April, the government attempted to fix the rate at 42,000 rials, saying the move would crack down on black market traders.

02 August 2018
Antisemitism row: Momentum drops Peter Willsman from NEC re-election list
Momentum should really be demanding he resign his NEC seat and no longer have a say at Labour's top table. Labour insisted that, while they were not reproduced word for word, they are covered in the new code.

02 August 2018
Many interested in buying Force India - Wolff
The move was prompted after one of the team's creditors approached the United Kingdom courts in order to get a "wind up" notice against the team.