The admins at reddit should have known this – perhaps now they got the memo. While 2FA isn’t a bad idea in many situations, it’s certainly no security silver bullet – as we’ve known for years. This situation also illustrates the vulnerabilities of two-factor authentication, as they revealed in their announcement:Īlready having our primary access points for code and infrastructure behind strong authentication requiring two factor authentication (2FA), we learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept.
If reddit discovered this hack all the way back in June, why did they wait until August to alert their users? The digests connect a username to the associated email address and contain suggested posts from select popular and safe-for-work subreddits you subscribe to. The logs contain the digest emails themselves - they look like this. What was accessed:Logs containing the email digests we sent between June 3 and June 17, 2018. In Reddit’s first years it had many fewer features, so the most significant data contained in this backup are account credentials (username + salted hashedpasswords), email addresses, and all content (mostly public, but also private messages) from way back then.Įmail digests sent by Reddit in June 2018 What was accessed: A complete copy of an old database backup containing very early Reddit user data - from the site’s launch in 2005 through May 2007. While it’s difficult to determine exactly how many people are affected – mainly because Reddit is not revealing much information – they did publicly acknowledge a “serious” data breach that gives third parties direct access to sensitive user data:Īll Reddit data from 2007 and before including account credentials and email addresses Reddit – the popular forum owned by the Condé Nast (Advanced Publications) media empire – was recently in the news for a data breach that exposed private user information.
0 kommentar(er)
