Reddit hack exposes old private messages
The internet is forever, and, yes, that apparently includes your old Reddit private messages.
The so-called front page of the internet today announced that it suffered a hack in June, and, as a result, Reddit private messages from 2005 to 2007 are now in the hands of the as-yet-unknown culprits.
That’s right, your finely aged secret memes are on the loose. Oh, and also your email addresses and account credentials.
“A complete copy of an old database backup containing very early Reddit user data — from the site’s launch in 2005 through May 2007 [was accessed],” explains a statement from the company. “In Reddit’s first years it had many fewer features, so the most significant data contained in this backup are account credentials (username + salted hashed passwords), email addresses, and all content (mostly public, but also private messages) from way back then.”
According to the statement, Reddit plans to notify all affected users and reset passwords for accounts that might still be using decade-old passwords. Importantly, the company insists, if you got your first Reddit account post-2007 you’re in the clear.
We reached out to Reddit in an attempt to determine if long-deleted accounts from back in the day were affected in any way, but did not receive an answer to that question as of press time.
So how did this happen? It appears that SMS-based two-factor authentication played a key role.
“Already having our primary access points for code and infrastructure behind strong authentication requiring two factor authentication (2FA), we learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept,” notes the statement. “We point this out to encourage everyone here to move to token-based 2FA.”
Indeed, while 2FA is a vital security tool, it does have its weak points. Dedicated hackers can potentially intercept codes sent via SMS by exploiting a flaw in the Signaling System 7 (SS7) protocol, or simply phish the code. A physical security token, as endorsed by Google, is much more secure.
Reddit is working with law enforcement to investigate the hack, and in the meantime encourages all its users to set up 2FA with an authenticator app.
And, although Reddit doesn’t officially recommend this, if you have a super old Reddit account it’s worth your time to take a walk down your private message memory lane to double check you didn’t reveal anything of value in your old PMs. Because having a hacked 12-year-old private message come back to bite you in the ass is probably not how you want to start your day.