Reddit was hacked in a phishing attack targeting its employees

Reddit hacker snagged email addresses and old passwords

Rob LeFebvre

Earlier this month, a hacker accessed a few of Reddit's systems, grabbing some current email addresses and a database backup from 2007 that contained account passwords. The company assured its users that the attacker did not gain write access to any systems, and was not able to alter any information. The company has since locked down its production systems and API keys while enhancing its monitoring system and logs.

According to Reddit, all company data from the site’s launch in 2005 to 2007, including account credentials and email addresses, was accessed, likely by intercepting Reddit’s SMS-based authentication system. Reddit said that all public messages from this time period were grabbed, as well as some private conversations. If you were among the members affected, you’ll get a message from Reddit and the company will reset your password on still-valid accounts. Further, the hacker was able to access the logs containing email digests Reddit sent out between June 3rd and June 17th of this year. You were only affected if you received an email from noreply@redditmail.com between those dates.

Reddit has reported the incident to law enforcement, who began an investigation into the matter. In addition to messaging affected users, the company has taken measures to ensure its systems are more secure, including requiring token-based two-factor authentication (2FA) for access to sensitive systems. Whether you were directly affected or not, Reddit urges members to reset their password to something unique and strong, and to enable 2FA via an authenticator app.
