Reddit recently learned that a hacker managed to access multiple employee accounts and walk away with “some” current email addresses and a 2007 database backup. It’s in the midst of a “painstaking investigation” currently to figure out what went wrong.
On June 19, Reddit discovered that hackers had compromised “a few” employee accounts with access to its cloud storage and source code hosting providers.
Unfortunately, we don’t know what “some” or “a few” entails. We’ve reached out to Reddit for further clarification.
Hackers reportedly bypassed the providers’ two factor authentication (2FA) system using an SMS intercept, meaning the person(s) responsible re-routed the 2FA code to a different device in order to access the code. Security researchers in recent years have warned against using SMS-based 2FA systems. But while it’s not as good as a token, or code-based system, it’s certainly better than nothing at all.
While the attack was serious, hackers didn’t manage to get much of value aside from some users‘ email addresses and some hashed email and password combinations from a 2007 database backup. While were able to access some read-only information — such as backup data, source code, and log files — they weren’t able to alter anything on the site.
According to a Reddit posting by CTO, Chris Slowe, this was the information hackers managed to access:
All Reddit data from 2007 and before including account credentials and email addresses
What was accessed:A complete copy of an old database backup containing very early Reddit user data — from the site’s launch in 2005 through May 2007. In Reddit’s first years it had many fewer features, so the most significant data contained in this backup are account credentials (username + saltedhashed passwords), email addresses, and all content (mostly public, but also private messages) from way back then.
How to tell if your information was included:We are sending a message to affected users and resetting passwords on accounts where the credentials might still be valid. If you signed up for Reddit after 2007, you’re clear here. Check your PMs and/or email inbox: we will be notifying you soon if you’ve been affected.
Email digests sent by Reddit in June 2018
What was accessed:Logs containing the email digests we sent between June 3 and June 17, 2018. The logs contain the digest emails themselves — theylook like this. The digests connect a username to the associated email address and contain suggested posts from select popular and safe-for-work subreddits you subscribe to.
How to tell if your information was included:If you don’t have an email address associated with your account or your “email digests” user preference was unchecked during that period, you’re not affected. Otherwise, search your email inbox for emails from[email protected]between June 3-17, 2018.
Reddit assures us that it’s taken preventative steps to secure the site from additional attacks, as well as rotating all production secrets and API keys. In the mean time, site admins are encouraging users to change any passwords on affected accounts. You can see if your account was affected by following the instructions above.
Reddit is also cooperating with law enforcement in an attempt to find the person(s) responsible.