Reddit Got Hacked Thanks to a Woefully Insecure Two-Factor Setup

posted on August 2, 2018
by l33tdawg
Wired
Credit: Wired

Reddit said in a blog post Wednesday that a hacker broke into the company's systems in June and gained access to a variety of data, including user emails, source code, internal files, and “all Reddit data from 2007 and before.” And it likely could have been avoided if some Reddit employees were using two-factor authentication apps or physical keys instead of their phone numbers.

"On June 19, we learned that an attacker compromised a few of Reddit's accounts with cloud and source code hosting providers by intercepting SMS 2FA verification codes," a Reddit spokesperson said in a statement. (Advance Publications, which owns WIRED publisher Condé Nast, is Reddit's majority shareholder.) "We are working with federal law enforcement, and have also taken measures to both address this current situation and prevent similar incidents in the future. A small number of users were affected and have been notified."

Among the compromised information was a 2007 Reddit database backup, which means if you were using the platform back then, your account information from that time—like your email address, username, and password—has been exposed. Reddit says the passwords were protected by cryptographic salting and hashing defenses, but if you still use that old password for your Reddit account, or any online account, you should change it to a strong, random password in case the Reddit trove can be cracked.
