Reddit hack: attackers steal user data in major breach
Userwords, passwords and email addresses were illegally accessed
Chat forum Reddit has become the latest online giant to suffer a major breach of user data.
In an announcement posted on the site, Reddit says it has discovered that two data sets were illegally accessed using stolen login details from company employees.
According to The Guardian, the first data set included “account details and all public and private posts between 2005 to May 2007”.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
The second contained “logs and databases linked to Reddit’s daily digest emails”, the newspaper says, as well as the email addresses and usernames of people who subscribed to the news briefings.
The hack was discovered on 19 June and occurred earlier that month.
Reddit says that the “attacker” was able to access other restricted areas of the forum, such as “employee workspace files” and “source code”, but that the two sets of personal information “are the most significant categories of user data”.
It is believed the breach was possible “because Reddit was using an outdated form of two-factor authentication on its employee accounts”, whereby users are sent an SMS message with a verification code to confirm their identity, says CNet.
The chat forum has not said how many users were affected by the hack.
According to the BBC, Reddit will “inform those affected by the loss of historic data” from 2007 but not those with data in the more recent information set from 2018.
Troy Hunt, an expert in data breaches, told the broadcaster: “This is personally identifiable data that’s been exposed in what is unequivocally a data breach, why on Earth wouldn’t you notify people?
“In the case where it’s mapped to a username, this is also exposing the identities behind what is very frequently a deliberately anonymous account. People should be made aware of this and contacted individually.”
Reddit says it has “reported the issue to law enforcement” and is “cooperating with their investigation”. The site also pledged to upgrade its login systems with encrypted two-factor authentication.
Sign up for Today's Best Articles in your inbox
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
-
Today's political cartoons - December 22, 2024
Cartoons Sunday's cartoons - the long and short of it, trigger finger, and more
By The Week US Published
-
5 hilariously spirited cartoons about the spirit of Christmas
Cartoons Artists take on excuses, pardons, and more
By The Week US Published
-
Inside the house of Assad
The Explainer Bashar al-Assad and his father, Hafez, ruled Syria for more than half a century but how did one family achieve and maintain power?
By The Week UK Published