ibusinesslines.com August 20, 2018

Reddit’s serious "security incident" - what you need to know

03 August 2018, 09:10 | Jodi Jackson

Reddit Hacked – Attackers Steal a Complete Copy of an Old Database Backup After Compromising Employee Accounts

Reddit discloses ‘serious’ security breach it discovered on June 19th

Reddit has suffered a "security incident" in the form of a sophisticated hack that has exposed the personal data of some users. Here's what steps it says users should take: "If your account credentials were affected and there's a chance the credentials relate to the password you're now using on Reddit, we'll make you reset your Reddit account password".

The firm said it discovered the breach on June 19, with the attack having taken place during the four previous days.

Reddit encourages users to change their passwords if they are similar to those they had in 2007 and to enable token-based two-factor authentication as the hackers reached its systems through SMS intercept.

The backup file contained usernames, hashed and salted passwords, email addresses, all public content and private messages from 2005 through to May 2007.

"From phishing scams and dictionary attacks - where fraudsters try certain common passwords based on the user's information - to synthetic identities, as little as an email address can go a long way in the hands of a bad actor".

Are messaging user accounts if there's a chance the credentials taken reflect the account's current password. The digests connect a username to the associated email address and contain suggested posts from select popular and safe-for-work subreddits you subscribe to.

When asked by the BBC, a spokesperson for Reddit refused to share any estimate for how many users may be affected.

Reddit employees use something called two-factor authentication on their accounts.

Reddit says it plans to notify all affected users and is encouraging users to reset passwords for accounts that might still be using decade-old passwords. Even the SMS-based authentication is better than simply protecting your account with a password. These users are not being directly informed by the company.

The company has already reported what happened to law enforcement and is cooperating with an investigation.

"Given today's security climate, all online companies should use the forms of multi-factor authentication that are appropriate for the data assets being accessed as well as using encryption and key management to secure sensitive data".

"A cybercriminal only needs to get their hands on one password to potentially gain access to private and even financial information across a number of accounts and apps".

So, what do you think about this? If you meet the criteria mentioned in the full breakdown, you should probably change your Reddit password - and you should probably look into two-factor authentication, either way.

Other News

Trending Now

Diamondbacks acquire Jake Diekman from Rangers
The Arizona Diamondbacks used their bullpen cart to chauffeur the relief pitcher to their clubhouse Tuesday night at Chase Field. He will be arbitration eligible beginning next season and will not be eligible for free agency until after the 2021 season.

Murray commits to China Open in October
Got to be careful what you say around these parts nowadays though #freespeech #fakenews", wrote Murray in his comment. Murray had surgery on his right hip in January, only returning to action on June 18, facing Nick Kyrgios at Queen's.

Indian interest rate hike unlikely to affect NRIs
Analysts at Rabobank explained, that as widely expected, the Bank of England MPC raised the Bank rate to 0.75% from 0.50%. Over the last two bi-monthly MPC review meetings; there has been a total of 50 bps increase in the repo rate.

The controversy behind 3D-printed guns
It happened after Washington State Attorney General Bob Ferguson filed a lawsuit challenging the Trump Administration. Andrew Cuomo on Tuesday also issued a cease-and-desist order against the man who was scheduled to post them online.

Iran MP calls for Tehran-US hotline to avoid escalation
It also refused to join the Saudi-led coalition in Yemen and did not support Saudi Arabia and the UAE's stance against Qatar. Oman has tried to remain neutral in the Middle East's myriad conflicts.

Trump received letter from North Korea's Kim on August 1 - White House
He also thanked the leader for returning the suspected remains of USA soldiers killed in Korean War. The correspondence came amid fresh concerns over Pyongyang's commitment to denuclearization.

Alex Jones to ask for dismissal of Sandy Hook defamation lawsuit
In addition to asking for the cases to be dismissed, Jones also wants Pozner's family to pay him more than $100,000 in court fees. The parents have said Jones has engaged in a campaign of "false, cruel, and risky assertions", court filings showed.