Reddit revealed to its users today that a hacker broke into some of its systems and collected user’s data, including current email addresses and a 2007 database that contained usernames and passwords.
Reddit is informing its users about data breach through emails to all affected users. The users who joined Reddit in 2007 or earlier are suffered. The hacker was also able to read the email digests Reddit sent out in June 2018 as well. Reddit is asking its users to change their passwords on Reddit and other sites if they are still using the same password they had in 2007.
The company is also recommending users to enable two-factor authentication through a service like Authy or Google’s Authenticator, as the hacker gained access to Reddit’s systems through an SMS intercept attack.
Read Also :Reddit has introduced the dark mode feature
Reddit wrote in its post to users “We learned that SMS-based authentication is not nearly as secure as we would hope.”
Between June 14th and June 18th, the hacker compromised several Reddit employees’ accounts through the company’s cloud provider and source cost hosts. Reddit had required two-factor authentication on its accounts but the hacker breached the SMS verification and was able to gain access to the system. The hacker reached to see backup data, source code, and other employee logs in Reddit systems, but luckily did not have access to changing any of it. Moreover, the hacker was able to see private and public messages posted from 2005 to 2007.