header logo
Mogo Academy
Science & Tech
Reddit user data compromised in sophisticated hack
Aug 03, 201812:47 PM
Reddit user data compromised in sophisticated hack
Mobitel Inner

Reddit has suffered a data breach compromising usernames, passwords and email addresses of groups of users, the site has confirmed.

 

While the size of the breach has yet to be clarified, Reddit said two data sets had been accessed by hackers, including one from 2007 containing account details and all public and private posts between 2005 and May 2007.

 

The second data store included logs and databases linked to Reddit’s daily digest emails, which was accessed between 3 and 17 June this year. The data includes usernames and email addresses linked to those accounts.

 

Jake Moore, security specialist at ESET, said: “Reddit is one of the world’s biggest websites so a hack of any data at this level is quite a feat.”

 

Reddit said the breach was discovered on 19 June following the attack happening four days prior. The hackers broke in using compromised employee accounts that were protected using SMS two-factor authentication.

 

The site said it was messaging affected users. Reddit chief technology officer Christopher Slowe said: “If your account credentials were affected and there’s a chance the credentials relate to the password you’re currently using on Reddit, we’ll make you reset your Reddit account password.”

 

“Whether or not Reddit prompts you to change your password, think about whether you still use the password you used on Reddit 11 years ago on any other sites today.

 

“If your email address was affected, think about whether there’s anything on your Reddit account that you wouldn’t want associated back to that address.”
SMS-based two-factor authentication broken

 

Reddit uses the common SMS-based two-factor authentication to protect its employee accounts, requiring a one-time passcode to be entered alongside a username and password.

 

However, Reddit said hackers had intercepted those text messages.

 

Keith Graham, chief technology officer for SecureAuth + Core Security, said: “While SMS-based authentication is popular and much more secure than password alone, it’s widely known to be vulnerable to cybercriminals who have hacked many celebrities using this method.

 

Graham explained that cybercriminals are capable of gaining access to a phone number to which an SMS two-factor code is sent. He said: “For example, a cybercriminal would simply need to give a wireless provider an address, last 4 digits of a social security number and perhaps a credit card to transfer a phone number.

 

“This is exactly the type of data that is widely available on the dark web thanks to large database breaches like Equifax.”

 

Source: The Guardian

 

 

 

MostRead
Mobitel Upahara
VideoStories
Govt has belittled and ridiculed country's farmers - MP Dilith Jayaweera

Govt has belittled and ridiculed country's farmers - MP Dilith Jayaweera

Who supplied fake QR stickers found on liquor bottles? MP Harsha de Silva questions

Who supplied fake QR stickers found on liquor bottles? MP Harsha de Silva questions

Farmers raise concerns over unopened govt paddy warehouses

Farmers raise concerns over unopened govt paddy warehouses

Over 1,500 fatalities reported from road accidents so far this year - Sri Lanka Police

Over 1,500 fatalities reported from road accidents so far this year - Sri Lanka Police

Former IGP C.D. Wickramaratne found dead in suspected suicide at Malabe residence

Former IGP C.D. Wickramaratne found dead in suspected suicide at Malabe residence

Appeal Courts postpones further hearing of Suresh Sallay’s writ petition to July 21

Appeal Courts postpones further hearing of Suresh Sallay’s writ petition to July 21

“Democracy must be defended from elected leaders” - Former BASL President

“Democracy must be defended from elected leaders” - Former BASL President

Multiple raids conducted at hospitals and medical labs to safeguard public safety

Multiple raids conducted at hospitals and medical labs to safeguard public safety

Cardinal Ranjith files intervening petition seeking dismissal of Suresh Sallay's plea

Cardinal Ranjith files intervening petition seeking dismissal of Suresh Sallay's plea

 Negombo Prison clash : Further hearing of case adjourned until July 23

Negombo Prison clash : Further hearing of case adjourned until July 23

Minister Lalkantha asserts no further increase in paddy prices despite farmer protests

Minister Lalkantha asserts no further increase in paddy prices despite farmer protests

Dengue cases rise to 72,430 islandwide as prevention programmes continue in 63 MOH divisions

Dengue cases rise to 72,430 islandwide as prevention programmes continue in 63 MOH divisions

Opposition submits UN complaint over proposal to extend judges’ retirement age

Opposition submits UN complaint over proposal to extend judges’ retirement age

Dengue cases surge with 15,856 reported in first half of July; Gampaha District tops figures

Dengue cases surge with 15,856 reported in first half of July; Gampaha District tops figures

Wimal Weerawansa’s brother remanded over alleged misuse of state-owned vehicles

Wimal Weerawansa’s brother remanded over alleged misuse of state-owned vehicles

Lassana Flora