Reddit hack revealed: Here’s everything you need to know

Reddit security breach

Attackers gained read-only access to systems with backup data, source code, and "other logs".

They were able to obtain usernames and corresponding email addresses - information that could make it possible to link activity on the site to real identities.

Finally, he shared that they are taking measures to guarantee that additional points of privileged access to Reddit's systems are more secure, and that the company hired their first Head of Security two and a half months ago.

Reddit announced on Wednesday that a hacker broke into its computer systems in June, gaining access to the email addresses of some of its users and a database of user names from 2007. "If your account credentials were affected and there's a chance the credentials relate to the password you're now using on Reddit, we'll make you reset your Reddit account password", said Reddit administrator KeyserSosa.

Now that their investigation is wrapped up, the company says it is notifying the affected users, requiring passwords to be reset and working with law enforcement to continue to examine the attack. The logs connect usernames with associated email addresses and contain suggested posts from the safe-for-work subreddits users subscribe to.

Between June 14 and June 18 of this year, Reddit says an attacker "compromised a few of our employees' accounts with our cloud and source code hosting providers".

Whatever the case may be, Reddit is using the security incident to encourage the public to switch over to non-SMS-based two-factor authentication.

Ambuj Kumar, CEO of Fortanix, noted that malicious actors can intercept text messages using fake base stations or subscriber hijacking attacks, yet many banks and service providers continue to use SMS-based authentication.

More specifically, two years' worth of data from Reddit's launch in 2005 through May 2007 was compromised. The company also included instructions for users to remove their Reddit data.

Some Reddit users reported that they had already received extortion-based phishing emails that cited the hacked credentials. Fortunately, the hacker or hackers only gained access to backups from May 2007. Unfortunately, many sites do not support any kind of two-factor authentication, let alone methods that go beyond SMS or a one-time code that gets read to you via an automated phone call.

For those thinking that deleting their Reddit account may assist them, Small said the cat is out of the bag. "We understand it's hard to remember all your passwords but there are tools such as password generators and managers that can help solve this problem and ensure you don't become vulnerable to today's digitally advanced criminals". So that means if you created your account after this date, you should be in the clear.

Furthermore, two-factor authentication is something that everyone should be using by now.