The popular social news and entertainment network Reddit announced that its servers were successfully compromised by hackers. The attack which was detected on June 19 let hackers obtain sensitive user data including usernames, hashed passwords, email addresses as well as public and private messages. Confidential company details stored by Reddit’s storage systems were also abused.
An official public post released by Reddit in their subreddit r/announcements unveils that he company has suffered a serious data breach. By compromising employees’ accounts, a currently unknown attacker gained read access to an old database backup from 2007 and a recent set of “email digests” from June 2018.
The data that was compromised in the incident includes users’ emails, usernames, hashed and salted passwords as well as public and private messages. Users who may have had their credentials stolen in this Reddit data breach will all receive an email message from the company. It is likely that users who became part of the Reddit community in 2007 and earlier are among the victims of the breach.
The email digests sent by Reddit in June 2018 were also involved in the attack. As explained by Reddit:
The digests connect a username to the associated email address and contain suggested posts from select popular and safe-for-work subreddits you subscribe to.
Users who have an associated email with their profiles are advised to search their email inboxes for emails from [email protected] received between June 3-17, 2018. In case that such emails appear your data is affected by the breach.
Here is an example of how such an email looks like:
The attackers have also managed to gain read access to other confidential data such as Reddit’s source code, internal logs, configuration files and employees’ workspace (Read more...)
*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | SensorsTechForum.com authored by Gergana Ivanova. Read the original post at: https://sensorstechforum.com/reddit-data-breach-user-data-hacked/