Reddit announced today a security breach.
"An attacker compromised a few of our employees' accounts with our cloud and source code hosting providers", the post reads.
Hackers reportedly bypassed the providers' two factor authentication (2FA) system using an SMS intercept, meaning the person (s) responsible re-routed the 2FA code to a different device in order to access the code. Attackers had access to the complete copy of this old database, which carried information on users that the company had from its launch in 2005 to 2007. The most significant data in that database are account credentials that include usernames and salted hashed passwords, email addresses, and all public content along with private messages.
The attacker also managed to get access to logs containing the email digests they sent between June 3 and June 17, 2018, which "connect a username to the associated email address" and contain suggested posts from subreddits users subscribe to. If so, Reddit users could be potentially robbed of their anonymity if usernames are connected to emails.
"We learned that SMS-based authentication is not almost as secure as we would hope, and the main attack was via SMS intercept", he shared. With so many data breaches happening lately, the chances that a re-used password was exposed is quite high.
For Reddit users who may have had their login credentials stolen in the breach, the website will reset passwords and message affected users with tips on how they can protect themselves.
"We learned that SMS-based authentication is not almost as secure as we would hope", wrote Mr Slowe.
Explainer - Taking the land: ANC grasps South Africa's most emotive issue
This disparity in land holding has long since been seen as a symbol of the enduring inequalities within South Africa . Being a businessman, President Ramaphosa should know that it will be detrimental to the economy.
Parents now paying for their kids to get Fortnite coaching
The Wall Street Journal recently found several families are now hiring tutors to teach their kids... how to win at Fortnite . Interestingly, the new trend has also surprised Fortnite coaches.
Ohio Judge Orders Deputies to Tape Shut Suspect's Mouth During Sentencing
Williams "would not stop talking, despite more than a dozen warnings over the course of about 30 minutes". On Tuesday, he was sentenced to 24 years in prison after his second trial in the case, according to WJW.
"Already having our primary access points for code and infrastructure behind strong authentication requiring two factor authentication (2FA), we learned that SMS-based authentication is not almost as secure as we would hope, and the main attack was via SMS intercept".
'The details you added are more than many other companies do, and it told me exactly what data of mine was at risk!' wrote user Sam-Gunn.
Reddit has reported the issue to law enforcement and is cooperating with the investigation.
Predictably, security specialists are pointing out this hack as another example of the failure of two-factor authentication. It's more secure than SMS simply because the attacker in that case would need to steal your mobile device or somehow infect it with malware in order to gain access to that one-time code.
So, what do you think about this?
If you were impacted, you should absolutely change your password-especially if it's the same one you've used for over a decade.