Reddit hackers compromise pre-2007 user data and a bunch of email addresses

Reddit was hacked back in June, with the attacker gaining access to user data including some current email addresses and encrypted passwords that were in use prior to 2007. If you meet the criteria mentioned in the full breakdown, you should probably change your Reddit password - and you should probably look into two-factor authentication, either way.

Somewhere between June 14 and 18, a hacker compromised a handful of Reddit employee accounts with the site’s hosting providers. Access was gained via SMS intercept to bypass the two-factor authentication system. The hacker was able to gain “read-only access to some systems that contained backup data, source code and other logs.”

Remind yourself of the days when all your personal information wasn't constantly at risk with the best old PC games.

More specifically, two years worth of data from Reddit’s launch in 2005 through May 2007 was compromised. That includes usernames, salted hashed passwords, email addresses, and both public site content and private messages. If you were a Reddit early adopter, you need to take the usual set of post-compromise security precautions. Reddit will soon be sending out emails and PMs to affected users to help with those steps.

Recent Reddit users aren’t entirely out of the woods, either. Email digests sent between June 3 and 17 were also compromised, which contain usernames, email addresses, and info on a selection of popular subreddits you might subscribe to. (Don’t worry, nothing NSFW is in that list, so your Reddit porn habits haven’t been outed.) If you received those digests during that time, your email is probably out there.

from PCGamesN https://ift.tt/2AxrFDZ