What You Need to Know About the Reddit Breach

On August 1st, Reddit announced a breach in which an attacker was able to access user data.

In an official Reddit post, Reddit made a quick statement and said:

A hacker broke into a few of Reddit’s systems and managed to access some user data, including some current email addresses and a 2007 database backup containing old salted and hashed passwords. Since then we’ve been conducting a painstaking investigation to figure out just what was accessed, and to improve our systems and processes to prevent this from happening again.

On June 19, Reddit faced a security breach in which an attacker infiltrated Reddit employee accounts. The infiltration stems from the trust the organization placed in SMS-based two-factor authentication (2FA). Unfortunately, the attacker was able to intercept the SMS and continue to pose as the employee. Reddit suggests that everyone move to token-based two-factor authentication. This form of authentication works by providing a throwaway token with an input of a username and password. It provides another level of indirection for authentication, as the site only needs to authenticate the token and not the username and password. Token-based 2FA does not provide the site with your username and password, thus offering safety in this aspect too.

The attacker was not given write access to Reddit’s servers, meaning they could not change any script, only read it. Yet they were still able to access a copy of an old database containing “very early Reddit user data” and “Email digests sent by Reddit in June 2018”. The early database contained usernames, salted hashed passwords and all posted content (including private messages).

If you are a veteran Reddit user and are worried that you were attacked, Reddit suggests checking your PM/Email as they will be in touch soon.

With the Email digest portion of the breach, the attacker was able to see logs on digest emails, which contain email addresses and suggested posts from popular subreddits (communities of posters) that a user is subscribed to.

Since the attack, Reddit has reported three things they have done about it. They:

–    Reported the issue to law enforcement and are cooperating with their investigation.

–    Are messaging user accounts if there’s a chance the credentials taken reflect the account’s current password.

–    Took measures to guarantee that additional points of privileged access to Reddit’s systems are more secure (e.g., enhanced logging, more encryption and requiring token-based 2FA to gain entry since we suspect weaknesses inherent to SMS-based 2FA to be the root cause of this incident.)

After Reddit announced the breach, the community provided overwhelming support for Reddit’s transparency and openness. Usually, when organizations face a breach this large, they are discreet and tell the public only the bare minimum, leaving a frenzy of worried users. The detail in Reddit’s analysis spells out exactly which data was accessed and what users can do to protect themselves now and in the future.

To read the original announcement follow the link here.

