Everything you need to know about Reddit’s recent security ‘incident’

Reddit security breach

Reddit security breach

Social news site Reddit revealed Wednesday that it has been a victim of hackers.

Reddit hack explained - what actually happened? It's also taken measures to beef up security at other points of privileged access to its systems, such as enhanced logging, more encryption, and requiring token-based 2FA. That's content both public and private posted to Reddit.

Reddit suggested today that it was through SMS intercept that passwords were captured with malicious intent.

Reddit's announcement is a great example of why it's important to read breach notifications carefully. Following an investigation, Reddit discovered that the attacker must have gained access to the SMS 2FA codes the employees would use to authenticate to those cloud hosting accounts. If you're one of those, the attackers know your email address and username but not your password, which has potentially troubling implications discussed below.

It's a common way to protect your account from people who have nicked your password. "Already having our primary access points for code and infrastructure behind strong authentication requiring two factor authentication (2FA), we learned that SMS-based authentication is not almost as secure as we would hope, and the main attack was via SMS intercept". Reddit became aware of the attack on June 19 and says it has since mitigated the threat and rolled out improved systems and processes to prevent it from happening again.

A more secure alternative to SMS involves the use of a mobile app - such as Google Authenticator or Authy - to generate the one-time code that needs to be entered in addition to a password. In the mean time, site admins are encouraging users to change any passwords on affected accounts.

Reddit said it was contacting affected users and would be resetting their passwords. Is is there that you'll find the instructions you seek for the deleting of content you wish to delete.

Even if Reddit doesn't force you to reset your password, doing so anyways is a good idea just to make sure all of your bases are covered.

"If your email address was affected, think about whether there's anything on your Reddit account that you wouldn't want associated back to that address", wrote Christopher Slowe, Reddit's chief technology officer.

The hacker was able to compromise Reddit's employee accounts to get hold of some current email addresses and logs of "email digests" sent between June 3 and June 17.

This data includes usernames and email addresses linked to those accounts. A user pointed out in the comment section that if privacy is a concern, affected users should delete any "incriminating" posts they could otherwise be traced back to.

Recommended News

  • Israel Strike on 'Terrorists' near Fence in Golan Kills Seven

    Israel Strike on 'Terrorists' near Fence in Golan Kills Seven

    Lavrentiev said Iranian service personnel, whom he described as advisers, could be among Syrian army forces that remain closer to the Israeli border.
    Official Android P is coming to the OnePlus 3 and 3T

    Official Android P is coming to the OnePlus 3 and 3T

    What OnePlus devices will get Android P? Well, more than we expected and here's an official statement from the company themselves. Android P is nearly ready for a public release and OnePlus 6 will be among the first few devices listed for an early release .
    Galaxy Tab S4 vs Tab A 10.5 comparison

    Galaxy Tab S4 vs Tab A 10.5 comparison

    You have probably noticed there's no physical home button on the Galaxy Tab S4, and that means no fingerprint sensor , either. There are speakers built into each corner of the device and it has Dolby Atmos support for an immersive audio experience.
  • In 6 hours Chelsea boss Sarri defends flat Morata for Arsenal draw

    In 6 hours Chelsea boss Sarri defends flat Morata for Arsenal draw

    Hudson-Odoi only signed his first professional contact last year but already there is talk of an improved five-year deal. The Brazilian could be on his way out of Stamford Bridge after being linked with Real Madrid and Manchester United .
    Donald Trump calls for Attorney General Jeff Session to end Russian Federation  inquiry

    Donald Trump calls for Attorney General Jeff Session to end Russian Federation inquiry

    Trump's tweet was immediately condemned by some Democratic lawmakers as a blatant attempt to obstruct justice. Trump wrote, in the third of a series of tweets .

    Trump threatens higher tariffs on Chinese imports

    The night before the agreement, he proposed in a tweet that "Both the USA and the European Union drop all Tariffs, Barriers and". A first round of tariffs came into effect on 6 July, when the U.S. imposed 25% taxes on $34bn of Chinese imports .
  • Trump tells attorney general to end Russian Federation probe

    She noted it's not "unreasonable" for election officials to ask for an ID. "I've said all along I see no evidence of collusion. None of the intelligence officials, however, would be more specific on any Russian activity or on US efforts to combat it.

    Demi Lovato to leave hospital this week

    Paris Jackson has slammed reports that she is returning to rehab following Demi Lovato's apparent overdose. But if she wants to survive, she needs to get out of this business, ' they said.
    9th Match, Women's Cricket Super League at Taunton, Jul 29 2018

    9th Match, Women's Cricket Super League at Taunton, Jul 29 2018

    The southpaw has also played ODIs, scoring 1464 runs at an average of 37.53, including three hundred and 11 fifties. Her innings was laced with five boundaries and four hits over the rope in a six-over-per-side rain-marred match.
  • Trump administration plans to lower vehicle emissions standards

    And when they fail they are prohibitively expensive to fix and often require someone akin to a rocket scientist to troubleshoot. Both agencies are sure to be flooded with thousands of comments from automakers, environmentalists and other interested parties.

    Nokia and T-Mobile agree Dollars 3.5 billion 5G deal

    T-Mobile, which is the third-largest operator in the U.S. behind Verizon and AT&T, agreed to merge with rival Sprint in April. The carrier will pay Nokia $3.5 billion for "its complete end-to-end 5G technology, software and services portfolio".
    Main reason why Lewandowski does not want to play for Man United

    Main reason why Lewandowski does not want to play for Man United

    Everton have acted fast and are understood to be on the verge of agreeing a new deal with the 24-year-old. In that time Lewandowski has scored 106 goals in 126 appearances.

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.