Watch out Redditors, it looks like the website has been hacked. Reddit today informed users that malicious actors gained access to some of its systems, making off with the data of certain early day users, including email addresses and account passwords.
Images courtesy: Reuters
Reddit says hackers got into one of its databases, gaining access to the usernames and salted & hashed (encrypted) passwords of users who joined Reddit in 2007 or earlier. Unfortunately, this also includes their linked email addresses. The hackers were also able to read email digests sent out in June 2018, meaning they could spot users¡¯ email addresses and sub-reddits they followed.?
It seems the hacker gained access through an employees login, by intercepting an SMS sent for two-factor authentication. The hacker had read access to backup data, source code, and other employee logs in Reddit systems, but thankfully didn¡¯t have access to change any of it. As such, they¡¯ve also advised users to enable token-based 2FA instead. ¡°We learned that SMS-based authentication is not nearly as secure as we would hope,¡± Reddit wrote in a post.
Right now the company is emailing affected users. They¡¯re already automatically resetting the passwords of accounts they believe are affected, while advising everyone on the platform to do the same. In addition, if you use your Reddit password for another account on a different service, you should probably change that too.