Reddit announced that its systems were breached in mid-June 2018. The company says that the email addresses of most of the service's users have been intercepted as well as some of their passwords by a old copy security data 11 years ago.
According to Reddit, the hack took place between June 14 and June 18, when a hacker managed to compromise the accounts of several employees who were using a check identity two-factor authentication (2FA) via SMS.
The attacker managed to gain access to old forgotten salted passwords from a backup of the 2007 database and the current Reddit user emails.
Reddit confirmed that the e-mail addresses found in the hacker's hands were through some logs stored on its servers between 3 and 17 June of 2018.
The company also reports that the hacker has managed to intercept the Reddit source code, internal logs and configuration files.
Read the official announcement, and change passwords immediately.
______________________________
- Mark Zuckerberg: Two users have leaked data from 2,2
- OpenPGP SigSpoof vulnerability to popular email applications
- FlightSimLabs Greek seizes passwords from pirates
- PassProtect: Addon alerts you to insecure passwords
- The Have I Been Sold service informs you if your email has been sold
