Another day, another significant data breach.
This time the victim is Reddit… appears somebody is really pissed off with Reddit’s account ban policy or bias moderators.
Reddit social media network nowadays declared that it suffered a security breach in June that exposed a number of its users’ knowledge, as well as their current email addresses and an previous 2007 info backup containing usernames and hashed passwords.
According to Reddit, the unknown hacker(s) managed to achieve read-only access to a number of its systems that contained its users’ backup knowledge, ASCII text file, internal logs, and alternative files
In a post printed to the platform weekday, Reddit Chief Technology Officer patron saint Slowe admitted that the hack was a heavy one, however assured its users that the hackers failed to gain access to Reddit systems.
“[The attackers] weren’t ready to alter Reddit data, and that we have taken steps since the event to more lock down and rotate all production secrets and API keys, and to boost our work and watching systems,” Slowe wrote.
According to Slowe, the foremost important knowledge contained within the backup was account credentials (usernames and their corresponding salt-cured and hashed passwords), email addresses and every one content as well as non-public messages.
Attacker Bypassed SMS-based Two-Factor Authentication
Reddit learned about the data breach on June 19 and said that the attacker compromised a few of the Reddit employees’ accounts with its cloud and source code hosting providers between June 14 and June 18.
The hack was accomplished by intercepting SMS messages that were meant to reach Reddit employees with one-time passcodes, eventually circumventing the two-factor authentication (2FA) Reddit had in place attacks.
The security breach should be a wake-up call to those who still rely on SMS-based authentication and believes it is secure. It’s time for you to move on from this method and switch to other non-SMS-based two-factor authentication.
Reddit is also encouraging users to move to token-based two-factor authentication, which involves your mobile phone generating a unique one-time passcode over an app.
Reddit said that users can follow a few steps mentioned on the breach announcement page to check if their accounts were involved.