Reddit systems breached through SMS two-factor authentication (2FA)
Hackers accessed Reddit source code, internal logs, storage systems.
Reddit recommends changing your password immediately.
Reddit, the most popular website, had its systems breached by unknown hackers, who obtained users' email addresses and a database.
In a blog post, Reddit confirmed that a hacker broke into its systems in June and accessed user emails, source code, internal files and all Reddit data from 2007 and before.
That means the hackers took a Reddit backup database from 2007. If you were using Reddit during that time, your account information has been compromised, including your email address, username and password. It is not clear how many users were affected.
Logs related to "email digests" from 3rd June to 17th June 2018 were also exposed. Digests make recommendations to users from the subreddits they subscribe to, so the attacker would be able to see the usernames connected to the subscribed email addresses.
How did attackers compromise Reddit's systems?
According to the report, unknown hackers targeted some Reddit employees from 14 June to 18 June and compromised their accounts, including those with Reddit's cloud and source code hosting vendors.
The company's employees were using SMS-based two-factor authentication, but the attackers bypassed it with a "SIM intercepting" technique, taking control of a user's SIM card and collecting all the phone data.
What did Reddit say about the breach?
On June 19, we learned that between June 14 and June 18, an attacker compromised a few of our employees’ accounts with our cloud and source code hosting providers. Already having our primary access points for code and infrastructure behind strong authentication requiring two-factor authentication (2FA), we learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept. We point this out to encourage everyone here to move to token-based 2FA.
Although this was a serious attack, the attacker did not gain write access to Reddit systems; they gained read-only access to some systems that contained backup data, source code and other logs. They were not able to alter Reddit information, and we have taken steps since the event to further lock down and rotate all production secrets and API keys, and to enhance our logging and monitoring systems.
Who was not affected?
1. The users who signed up after 2007 were not affected.
2. Users who don't have an email address connected to their account, or who chose not to receive "email digests", are not affected.
3. Reddit recommends that users search their email inbox for messages sent by [email protected].com from 3rd June to 17th June to check whether they were affected.
How to keep your Reddit account secure?
1. Change your password immediately.
2. Enable two-factor authentication (2FA) with an app such as Authy or Google Authenticator, not SMS.
3. Do not click unknown links in emails.
4. Use physical authentication keys for better security.