A hacker broke into a few of Reddit’s systems and managed to access some user data, including some current email addresses and a 2007 database backup containing old salted and hashed passwords, Reddit said Wednesday. From the announcement: Since then we’ve been conducting a painstaking investigation to figure out just what was accessed, and to improve our systems and processes to prevent this from happening again. Reddit says the incident occurred between June 14 and June 18 when the hacker “compromised a few of our employees’ accounts with our cloud and source code hosting providers.” Interestingly, even as Reddit employees maintain 2FA on their accounts, the attacker managed to get access to their data. “We learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept,” the company said. The company says it has a reason to believe the attacker had access to the following data: All Reddit data from 2007 and before including account credentials and email addresses. What was accessed: A complete copy of an old database backup containing very early Reddit user data — from the site’s launch in 2005 through May 2007. In Reddit’s first years it had many fewer features, so the most significant data contained in this backup are account credentials (username + salted hashed passwords), email addresses, and all content (mostly public, but also private messages) from way back then. How to tell if your information was included: We are sending a message to affected users and resetting passwords on accounts where the credentials might still be valid. If you signed up for Reddit after 2007, you’re clear here.
of this story at Slashdot.
Source:: Slashdot