With the tagline, “giving you the best of the internet in one place,” Reddit is a popular website designed for discussion, news aggregation, and the creation of social content. Boasting over 330 million users, the platform is characterized by an engaged community. Which also means it contains treasure troves of consumer data. Unfortunately, there’s now a chance that information has been exposed, as Reddit announced today that its systems were hacked at some point earlier this summer.
Announcing the breach on its r/announcements section, Reddit informed users that its internal systems were accessed by attackers sometime between June 14th to June 18th. The cybercriminals managed to bypass the SMS-based two-factor authentication the company had in place to access user data. This information includes some current email addresses and a 2007 database backup containing old salted and hashed passwords (meaning, passwords that haven’t been stored in plaintext). Additionally, email digests sent in June 2018 were also accessed by the hackers as well.
Now, the amount the impacted emails and passwords is not yet exactly known, but it’s crucial Reddit users (particularly those who joined by 2007) start taking steps now to secure their personal security. Start by following these tips:
- Change up your password. If you joined Reddit in 2007 or before, you should change up your password immediately. When changing your password, make sure the next one you create is a strong password that is hard for cybercriminals to crack. Include numbers, lowercase and uppercase letters, and symbols. The more complex your password is, the more difficult it will be to crack. Avoid common and easy to crack passwords like “12345” or “password.”
- Keep an eye out for sketchy emails and messages. If you received an email from a Reddit digest in June, then there’s a chance the hacker has your email address. Cybercriminals can leverage this stolen information for phishing emails and social engineering scams. So, if you see something sketchy or from an unknown source in your email inbox, be sure to avoid clicking on any links provided. Better to just delete the email or message entirely.
- Don’t solely rely on SMS two-factor authentication (2FA). If anything, we can all learn a lesson from this Reddit breach – we can’t solely rely on SMS two-factor authentication anymore to secure our data. In fact, SMS is one of the weakest forms of 2FA. If you wish to lock down your data on your devices, it’s best to use app-based two-factor authentication, such as Google Authenticator.
And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.