Reddit Says User Data Between 2005 and 2007 Breached

Reddit is now facing the biggest difficulty regarding their Data Security.
The Social media network Reddit had a hacker crashed into systems and obtained some user data, including current email addresses and a 2007 database reserve including past encrypted passwords.

The aforementioned was a dangerous attack, therefore the trouble did not gain communicate access to Reddit systems; because they received a read-only way to some orders that included backup data, reference code, and other logs. People held not able to change Reddit data, and we have taken actions since the event to additional lockdown and switch all production secrets and API keys, and to improve our logging and monitoring systems.

what information the intruder accessed.

1. All Reddit data from 2007 and before starting account credentials and email addressess

(i) Whichever occurred received: Therefore A whole copy of an old database backup including quite early Reddit user data — of the site’s launch in 2005 through May 2007.

(ii) Whence to determine if your data was entered: Because We are transferring a message to concerned users and resetting keys on accounts where the credentials strength still be valid. If yourself expected up for Reddit after 2007, you’re innocent here.

2. Email digests sent by Reddit in June 2018

(i) Whichever occurred received: Records including the email summaries we took between June 3 and June 17, 2018. The records contain the extract emails themselves — they look like this. Some articles distinguish a username to the associated email approach and hold informed support of select modern and safe-for-work subreddits you subscribe to.

(ii) Unless explore your email inbox for emails from [noreply@redditmail.com](mailto:noreply@redditmail.com)

Since this intruder must appreciate a way to our accommodation rules, different data held obtained so as Reddit reference code, inside logs, shapefiles and additional help workspace files, but those two areas are the most important sections of user data.

Something is Reddit doing about it?

1. Reported the issue to law enforcement and are cooperating with their investigation.
2. Do information user reports if there’s a chance the credentials taken reflect the account’s current password.
3. Used actions to ensure that new positions of free access to Reddit’s rules do further secure (e.g., enhanced logging, more encryption and requiring token-based 2FA to gain entry since we find faults essential to SMS-based 2FA to be the root cause of this disturbance.)

Anything can you do?

1. First, check whether your data was included in either of the categories called out above by following the instructions there.
2. Statement credentials did break and there’s a chance the credentials relate to the password you’re currently doing on Reddit, we’ll perform you reset your Reddit account key. Whether or not Reddit assists you to change your key, think about whether you still use the key you used on Reddit 11 years ago on any other sites today.
3. You can find instructions on how to remove information from your account on this help page.
4. Also, as in all things, a strong unique password and enabling 2FA (which we only provide via an authenticator app, not SMS) is recommended for all users, and be alert for potential phishing or scams.