Earlier today Reddit announced that it has suffered a data breach. If you read the document that I linked to, it will give you specifics as to what was hacked. But in short, a hacker gained access to a 2007 database backup that included old salted and hashed passwords. Meaning that they were not in a state that the passwords were readable. At least not without some work. Email digests sent by Reddit in June 2018 were also obtained.
The data breach occurred between June 14 and June 18, with hackers accessing Reddit employee accounts through the company’s cloud and source code hosting providers rather than the site itself. Those systems used SMS-based two-factor authentication that failed, and the main attack happened through SMS intercept.
Reddit is sending emails to users affected by the database hack, which means that if you signed up for Reddit before 2007 or during 2007, you should check your inbox. The site will be resetting the passwords of affected users. But if you use the site, you should really consider updating your password to something strong and unique as well as enabling two-factor authentication as that runs on a different mechanism than the one that was exploited in this hack.
Like this:
Like Loading...
Related
This entry was posted on August 1, 2018 at 3:05 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Reddit Pwned….. Email Addresses And MAYBE Passwords Leaked
Earlier today Reddit announced that it has suffered a data breach. If you read the document that I linked to, it will give you specifics as to what was hacked. But in short, a hacker gained access to a 2007 database backup that included old salted and hashed passwords. Meaning that they were not in a state that the passwords were readable. At least not without some work. Email digests sent by Reddit in June 2018 were also obtained.
The data breach occurred between June 14 and June 18, with hackers accessing Reddit employee accounts through the company’s cloud and source code hosting providers rather than the site itself. Those systems used SMS-based two-factor authentication that failed, and the main attack happened through SMS intercept.
Reddit is sending emails to users affected by the database hack, which means that if you signed up for Reddit before 2007 or during 2007, you should check your inbox. The site will be resetting the passwords of affected users. But if you use the site, you should really consider updating your password to something strong and unique as well as enabling two-factor authentication as that runs on a different mechanism than the one that was exploited in this hack.
Share this:
Like this:
Related
This entry was posted on August 1, 2018 at 3:05 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.