Reddit Pwned….. Email Addresses And MAYBE Passwords Leaked

Earlier today Reddit  announced that it has suffered a data breach. If you read the document that I linked to, it will give you specifics as to what was hacked. But in short, a hacker gained access to a 2007 database backup that included old salted and hashed passwords. Meaning that they were not in a state that the passwords were readable. At least not without some work. Email digests sent by Reddit in June 2018 were also obtained.

The data breach occurred between June 14 and June 18, with hackers accessing Reddit employee accounts through the company’s cloud and source code hosting providers rather than the site itself. Those systems used SMS-based two-factor authentication that failed, and the main attack happened through SMS intercept.

Reddit is sending emails to users affected by the database hack, which means that if you signed up for Reddit before 2007 or during 2007, you should check your inbox. The site will be resetting the passwords of affected users. But if you use the site, you should really consider updating your password to something strong and unique as well as enabling two-factor authentication as that runs on a different mechanism than the one that was exploited in this hack.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: