The popular social news and entertainment network Reddit announced that its servers were successfully compromised by hackers. The attack which was detected on June 19 let hackers obtain sensitive user data including usernames, hashed passwords, email addresses as well as public and private messages. Confidential company details stored by Reddit’s storage systems were also abused.
An official public post released by Reddit in their subreddit r/announcements unveils that he company has suffered a serious data breach. By compromising employees’ accounts, a currently unknown attacker gained read access to an old database backup from 2007 and a recent set of “email digests” from June 2018.
The data that was compromised in the incident includes users’ emails, usernames, hashed and salted passwords as well as public and private messages. Users who may have had their credentials stolen in this Reddit data breach will all receive an email message from the company. It is likely that users who became part of the Reddit community in 2007 and earlier are among the victims of the breach.
The email digests sent by Reddit in June 2018 were also involved in the attack. As explained by Reddit:
The digests connect a username to the associated email address and contain suggested posts from select popular and safe-for-work subreddits you subscribe to.
Users who have an associated email with their profiles are advised to search their email inboxes for emails from firstname.lastname@example.org received between June 3-17, 2018. In case that such emails appear your data is affected by the breach.
Here is an example of how such an email looks like:
The attackers have also managed to gain read access to other confidential data such as Reddit’s source code, internal logs, configuration files and employees’ workspace files. Even though this category of data does not affect user data, it could enable cyber criminals to break the security of the social media once again.
What Is Reddit Doing to Prevent Such Hacks from Happening Again?
Reddit has announced that an investigation on the case is currently on the go. The company’s purpose is to define the reasons that led to this breach and resolve all of the existing security issues. Here is more of what the company expressed publicly:
Although this was a serious attack, the attacker did not gain write access to Reddit systems; they gained read-only access to some systems that contained backup data, source code and other logs. They were not able to alter Reddit information, and we have taken steps since the event to further lock down and rotate all production secrets and API keys, and to enhance our logging and monitoring systems.
Due to the fact that the hackers used an SMS intercept attack to gain access to Reddit’s systems, now the company recommends that all users should use the token-based two-step authentication instead of the SMS-based one.
Reddit also announced that the incident was reported to law enforcement and at this point, both institutions are cooperating for the investigation process.