Reddit data breach exposes the login credentials of accounts created in 2007
The attack was low-impact, but still 'serious'By Cohen Coberly
Security and data breaches have pretty much become the norm for tech companies as of late. There was the Equifax breach last year, the Timehop breach in July, and Facebook's Cambridge Analytica incident in March.
Now, Reddit has informed its user base that it has discovered a breach of its own: hackers recently accessed a site database containing login credentials for accounts created back in 2007.
To be clear, the breach didn't occur in 2007. Rather, it happened sometime between June 14 and June 18. However, users who created their account during 2007 may have had their information compromised. If you created your account any time after that, you're in the clear.
Due to Reddit's relatively anonymous nature, no personal information has been put at risk. Nobody's name, address, or banking information has been exposed.
With that said, the breach is still important: attackers were able to access login credentials. This data is less critical, but it could prove troublesome for users who haven't changed their password in a while.
Reddit says hackers were able to intercept the platform's SMS-based 2-factor authentication (2FA) system.
So, how did this breach occur? Reddit says hackers were able to intercept the platform's SMS-based 2-factor authentication (2FA) system.
"...we learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept," Reddit CTO Christopher Slow said in a detailed statement. Slowe goes on to advise users to switch to a token-based 2FA system instead, such as Google Authenticator.
To prevent similar attacks from happening in the future, Slowe says Reddit has taken "measures to guarantee that additional points of privileged access to Reddit's systems are more secure." These measures include the implementation of "enhanced logging" and additional layers of encryption.