The hacker gained access to user and backup data, source code, employee logs, hashed usernames and passwords and more
Social news aggregator Reddit revealed to its users on Thursday that someone managed to hack into its systems.
In a post on its website, the company said that the hacker gained access to user data and a 2007 database which contained scrambled usernames and passwords. It warned that mainly people who joined Reddit in 2007 or earlier may have been compromised, in terms of their email addresses and any relevant subreddits they follow.
Reddit is recommending that its users change their passwords, especially if it is the same they had back in 2007. It says that enabling a token-based two-factor authentication through an authenticator service will be more effective than an SMS-based one, as the hacker is believed to have gained access through SMS interception.
The hacker carried out the attack between 14 and 18 June, through Reddit’s cloud provider and source hosts. After intercepting the SMS verification, the hacker was able to view user data, backup data, source code, employee logs and more, but s/he did not gain access to edit anything.
related news
Reddit became aware of the attack on 19 June but has spent the last month carrying out extensive investigations to find out who is responsible and to find out the extent of the damage. It also used the time to boost its security measures and cooperate with law enforcement.
The hacker was also able to access public and private messages posted by users between 2005 and 2007. One user commented that it would be easy for the hacker to decode a Redditor’s username using their email addresses. To be on the safe side, users must delete any sensitive posts from their profiles.