Reddit announced that its systems were breached in mid-June 2018 company reports that the email addresses of most users of the service have been intercepted as well as some of the passwords accesss from an old data backup from 11 years ago.
According to Reddit, the hack took place between June 14 and June 18, when a hacker managed to compromise the accounts of several employees who were using a check identity two-factor authentication (2FA) via SMS.
The attacker managed to gain access to old forgotten salted passwords from a backup of the 2007 database and the current Reddit user emails.
Reddit confirmed that the e-mail addresses found in the hacker's hands were through some logs stored on its servers between 3 and 17 June of 2018.
The company also reports that the hacker managed to eavesdrop on the source code Reddit's internal logs and configuration files.
Read the official announcement, and change passwords immediately.
______________________________
- Mark Zuckerberg: Two users have leaked data from 2,2
- OpenPGP SigSpoof vulnerability to popular email applications
- FlightSimLabs Greek seizes passwords from pirates
- PassProtect: Addon alerts you to insecure passwords
- The Have I Been Sold service informs you if your email has been sold