Reddit staff used SMS for two-factor authentication and got hacked

Reddit discloses ‘serious’ security breach it discovered on June 19th

The first related to old user data - from May 2007 - that contained usernames, email addresses and encrypted passwords.

Reddit uses two-factor authentication (2FA) to protect its primary access points for code and infrastructure, but Reddit said SMS-based authentication, which was targeted by the attacker, is "not nearly as secure" as the company thought.

If you were subscribed to the email digests and don't want data related to that account to be traced back to your email address, Reddit recommended you check the help page for how to remove that information.

Although the main group affected are those users that joined before May 2007, if you're signed up for email digests from Reddit and received one between June 3 and June 17, the hacker may also be able to connect your email address to your username.

The social platform said that all users whose data the hacker had taken would be notified via a Reddit message.

This data includes usernames and email addresses linked to those accounts. Together, these details could. In the past, cybercriminals have assumed a victim's identity to trick cellular providers into essentially giving them access to the person's phone number.

Logs containing the email digests we sent between June 3 and June 17, 2018.

"We learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept", he shared.


"We learned that SMS-based authentication is not nearly as secure as we would hope", wrote Mr Slowe.

Reddit hack safety - what do you need to do next?

The company's chief technology officer, Christopher Slowe, said: "If your account credentials were affected and there's a chance the credentials relate to the password you're now using on Reddit, we'll make you reset your Reddit account password".

The company has already reported what happened to law enforcement and is cooperating with an investigation. The company is also encouraging users to enable token-based two-factor authentication through Authy, Google Authenticator, or a similar service.

Basically you'll want to change your Reddit password, as you should every once in a while anyway.

And it's worth taking this incident as a warning that SMS two-factor authentication isn't completely secure and that it may be worth investing in a physical authenticator key.

We don't know how many people were affected as Reddit isn't sharing that information at the moment. If you use the same password you used on Reddit in 2007 on other sites, you should reset those passwords as well (and if you use any of these passwords, you should change it for good measure).
