Technology
Reddit hack exposes old private messages
The internet is forever, and, yes, that apparently includes your old Reddit private messages.
The so-called front page of the internet today announced that it suffered a hack in June, and, as a result, Reddit private messages from 2005 to 2007 are now in the hands of the as-of-yet unknown culprits.
That’s right, your finely aged secret memes are on the loose. Oh, and also your email addresses and account credentials.
“A complete copy of an old database backup containing very early Reddit user data — from the site’s launch in 2005 through May 2007 [was accessed],” explains a statement from the company. “In Reddit’s first years it had many fewer features, so the most significant data contained in this backup are account credentials (username + salted hashed passwords), email addresses, and all content (mostly public, but also private messages) from way back then.”
According to the statement, Reddit plans to notify all affected users and reset passwords for accounts that might still be using decade-old passwords. Importantly, the company insists, if you got your first Reddit account post-2007 you’re in the clear.
We reached out to Reddit in an attempt to determine if long-deleted accounts from back in the day were affected in any way, but did not receive an answer to that question as of press time.
So how did this happen? It appears that SMS-based two-factor authentication played a key role.
“Already having our primary access points for code and infrastructure behind strong authentication requiring two factor authentication (2FA), we learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept,” notes the statement. “We point this out to encourage everyone here to move to token-based 2FA.”
Indeed, while 2FA is a vital security tool, it does have its weak points. Dedicated hackers can potentially intercept codes sent via SMS by exploiting a flaw in what is known as the Signaling System 7 protocol (SS7), or simply phish the code. A physical security token, as endorsed by Google, is much more secure.
Reddit is working with law enforcement to investigate the hack, and in the meantime encourages all its users to set up 2FA with an authenticator app.
And, although Reddit doesn’t officially recommend this, if you have a super old Reddit account it’s worth your time to take a walk down your private message memory lane to double check you didn’t reveal anything of value in your old PMs. Because having a hacked 12-year-old private message come back to bite you in the ass is probably not how you want to start your day.
!function(f,b,e,v,n,t,s){if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};if(!f._fbq)f._fbq=n;
n.push=n;n.loaded=!0;n.version=’2.0′;n.queue=[];t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)[0];s.parentNode.insertBefore(t,s)}(window,
document,’script’,’https://connect.facebook.net/en_US/fbevents.js’);
fbq(‘init’, ‘1453039084979896’);
if (window.mashKit) {
mashKit.gdpr.trackerFactory(function() {
fbq(‘track’, “PageView”);
}).render();
}
-
Entertainment6 days ago
WordPress.org’s login page demands you pledge loyalty to pineapple pizza
-
Entertainment7 days ago
Rules for blocking or going no contact after a breakup
-
Entertainment6 days ago
‘Mufasa: The Lion King’ review: Can Barry Jenkins break the Disney machine?
-
Entertainment5 days ago
OpenAI’s plan to make ChatGPT the ‘everything app’ has never been more clear
-
Entertainment4 days ago
‘The Last Showgirl’ review: Pamela Anderson leads a shattering ensemble as an aging burlesque entertainer
-
Entertainment5 days ago
How to watch NFL Christmas Gameday and Beyoncé halftime
-
Entertainment4 days ago
Polyamorous influencer breakups: What happens when hypervisible relationships end
-
Entertainment3 days ago
‘The Room Next Door’ review: Tilda Swinton and Julianne Moore are magnificent