Reddit data breach exposes the login credentials of accounts created in 2007


The hackers in question unearthed not just usernames but corresponding email addresses, meaning it's very possible to link site activity to real identities.

Reddit encourages users to change their passwords if they are similar to those they had in 2007, and to enable token-based two-factor authentication, since the hackers reached its systems through SMS intercept.

In a post on its r/announcements section, the company said that sometime between June 14 and June 18 an attacker "broke into a few of Reddit's systems and managed to access some user data, including some current email addresses and a 2007 database backup containing old salted and hashed passwords".

The Reddit team is working with law enforcement and cooperating with the investigation, is messaging user accounts if there's a chance their data has been taken, and has better secured Reddit's systems. The logs connect usernames with associated email addresses and contain suggested posts from the safe-for-work subreddits users subscribe to.

'We learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept,' the company said.

Reddit said it discovered the breach on 19 June, four days after the attack took place.


Ambuj Kumar, CEO of Fortanix, noted that malicious actors can intercept text messages using fake base stations or subscriber hijacking attacks, yet many banks and service providers continue to use SMS-based authentication.

But, while Reddit is catching flak for using 2FA in the first place, many are praising the company for being transparent about what has happened and taking steps to correct the situation.

According to the information published, the data accessed is not recent and refers to the years between 2005 and 2007. In what one can only assume is a PR move, Reddit is refusing to publicly reveal the extent of the data breach.

If the passwords haven't been properly salted (a unique salt for each password), the attacker might recover some of them relatively quickly and might try to use the compromised account name and password pairs on other websites.

It's more secure than SMS simply because the attacker in that case would need to steal your mobile device or somehow infect it with malware in order to gain access to that one-time code. The bad news? It involved a two-factor authentication scam. The core idea behind 2FA is that even if thieves manage to phish or steal your password, they still cannot log in to your account unless they also hack or possess that second factor. It's not as hard as you might think. In addition, some sites that do support more robust, app- or key-based two-factor authentication still allow customers to receive SMS-based codes as a fallback method.
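To make the salting point above concrete, the following added example (not from the article or from Reddit) stores the same constructed accounts twice, once with a single site-wide salt and once with a unique salt per password. The account names, passwords, salt value and iteration count are all assumptions made for the demonstration.

```python
import hashlib
import hmac
import os
from collections import Counter

ITERATIONS = 50_000  # assumed demo work factor, not a recommendation from the article

# Constructed sample accounts: three of the four share one password.
SAMPLE_USERS = {"alice": "hunter2", "bob": "hunter2",
                "carol": "hunter2", "dave": "correct horse"}


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash (PBKDF2-HMAC-SHA256 from the standard library)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def build_table(users: dict, shared_salt: bytes = None) -> dict:
    """Store (salt, hash) per user; a shared_salt models the improperly salted case."""
    table = {}
    for name, password in users.items():
        salt = shared_salt if shared_salt is not None else os.urandom(16)
        table[name] = (salt, hash_password(password, salt))
    return table


def repeated_hashes(table: dict) -> int:
    """Rows whose hash also appears on another row, i.e. visibly identical passwords."""
    counts = Counter(digest for _, digest in table.values())
    return sum(n for n in counts.values() if n > 1)


def kdf_runs_per_guess(table: dict) -> int:
    """Hash computations needed to check one candidate password against every row."""
    return len({salt for salt, _ in table.values()})


def verify(table: dict, name: str, password: str) -> bool:
    """Normal login check: re-hash with the stored salt, compare in constant time."""
    salt, digest = table[name]
    return hmac.compare_digest(hash_password(password, salt), digest)


if __name__ == "__main__":
    for label, salt in (("shared salt", b"site-wide-salt"), ("unique salts", None)):
        t = build_table(SAMPLE_USERS, salt)
        print(label, repeated_hashes(t), kdf_runs_per_guess(t))
```

With the shared salt, the three identical passwords produce identical stored hashes and one computation per guess covers every row; with unique salts no rows match and the cost per guess scales with the number of accounts.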

All Reddit data from 2007 and before, including account credentials and email addresses.
