Hackers break into Reddit's systems

Share

"If your account credentials were affected and there's a chance the credentials relate to the password you're now using on Reddit, we'll make you reset your Reddit account password", the firm's chief technology officer Christopher Slowe said.

Reddit said the hacker performed an SMS intercept attack for the phone numbers of some of its employees and intercepted the 2FA codes necessary to access the employees' accounts.

The site said it was messaging affected users.

The online discussion board, which prides itself on providing anonymity, said hackers compromised employees' accounts by gaining access to two datasets. "We point this out to encourage everyone here to move to token-based 2FA", he said.

This access was achieved on some systems that contained backup data from 2007, source code and other logs.

Trump's EPA proposes rollback of Obama emission standards
He cautions that as the EPA provides more information about its new proposed standard, those calculations may change. He suggested states rights conservatives are hypocrites for approving the plan.

This database included usernames, salted and hashed passwords, email addresses, and all content.

"They were not able to alter Reddit information, and we have taken steps since the event to further lock down and rotate all production secrets and API keys, and to enhance our logging and monitoring systems", the company said.

The firm claimed it is notifying users about the older breach but has told users potentially affected by the newer one that they must proactively search their inbox for emails from noreply@redditmail.com between June 3-17, 2018. For example, even though the second factor may be generated by a mobile-based app, that one-time code needs to be entered into the same login page on a Web site along with user's password - meaning both the password and the one-time code can still be subverted by phishing, man-in-the-middle and credential replay attacks.

Logs containing email digests sent by Reddit from 3 June to 17 June were also grabbed, including usernames, associated email addresses, and suggested posts from "select popular and safe-for-work subreddits you subscribe to".

Reddit announced on Wednesday that a hacker broke into its computer systems in June, gaining access to the email addresses of some of its users and a database of user names from 2007. Not only that but email digests sent in June 2018 were also accessed.

Indian central bank raises rates for second time
However, just like the rise in November, providers are likely to be selective with the rates they choose to increase. Nearly all (96%) of new mortgage loans are offered on a fixed rate, usually for the first two or five years.

Security and data breaches have pretty much become the norm for tech companies as of late.

All Reddit data from 2007 and before, including account credentials and email addresses.

The attacker was unable to get write-permissions to Reddit but did manage to obtain read-access to certain site systems.

Reddit reported the incident to law enforcement and is now aiding with the outside investigation.

Next, the fact that the company seems disappointed by the ease with which the attackers bypassed the SMS 2FA it was using on its cloud accounts even though this older form of authentication has well-publicised weaknesses, including SIM swap fraud.

Giuliani just obliterated the goal posts on Trump-Russia collusion
Giuliani added that he had said Trump wasn't in the room for that meeting because there were in fact two different meetings. Nevertheless, Trump's legal team is preparing to counter the results of the investigation.

Share