Reddit Hacked Through 2FA – Two Factor Authentication Using SMS

Reddit has announced that their forum hosting platform was hacked.  Reddit is the foremost community forum for social news aggregation,  web content rating and discussion website.

For most Zambians who don’t know Reddit you can check it and if you are power news hungry and content seeker that will be your platform.

Reddit is similar to Facebook but different in many ways. 

• User’s interest are center of experience with Reddit while
• User’s friends are center of experience on Facebook
• At Reddit reward for a good post is Karma while Facebook is Likes
• Sexual obsession is core at Facebook however Reddit doesn’t care and you can open as many accounts as you wish.

More On Reddit Paradise Papers discovery first happened on Reddit

How it happened – Reddit Hacked.

We had a security incident. Hackers intercepted the SMS from the 2FA and then used the code in the SMS to access backend data.  The hacker broke into a few of Reddit’s systems and managed to access some user data, including some current email addresses and a 2007 database backup containing old salted and hashed passwords. KeyserSosa announced.

In cryptography Salt is a random data that is used as an additional input to a one-way function that “hashes” data e.g a paraphrase. Salt protects users stored password from been read by the system. However once you have access to a database there are several tools that crack salted and hashed passwords.

Information that was accessed dates back to accounts that were opened before 2007. So if your account was opened after you are not affected. Yet still Reddit is actively resetting passwords to all accounts that were opened before that period.

What You Need To Do According to Reddit

• Check if your account credentials were affected and there’s a chance the credentials relate to the password you’re currently using on Reddit. We’ll make you reset your Reddit account password.
• Whether or not Reddit prompts you to change your password, think about whether you still use the password you used on Reddit 11 years ago on any other sites today.
• Read the full instructions at Reddit Anoucement

It will also be wise to check the following:

If your email address was affected, think about whether there’s anything on your Reddit account that you wouldn’t want associated back to that address. You can find instructions on how to remove information from your account on this help page.

And, as in all things, a strong unique password and enabling 2FA (which we only provide via an authenticator app, not SMS) is recommended. Be alert for potential phishing or scams.

More: Reddit has even thrown in a vacancy

On a related note, if you’d like to help out here and have a security background, we actually have a couple of open security roles right now.

• Cloud Security Engineer

• Threat Detection Automation Engineer

More Posts That May Interest You:

Guidelines To Making Secure Passwords Here Are Eight Tips For Ensuring Your Passwords Are As Strong As Possible. Yes Instagram Accounts Hacked Says Mashable How to Tell Your Facebook Account Was Hacked 10 Million Passwords and Usernames Published Online Recent data breaches you could have been pawned in Apple two-factor authentication finally available for Zambia What is MTN Prestige Bundles What is SMS 3 important security tips for your email iPhone X Is Discontinued But In Zambia, It’s Selling At K17,000 Who can use Facebook: Convicted sex offenders are not allowed to use Facebook Finally Chat will Put To Use My Thousand SMS Bonus One UI 3 Upgrade Android 11 Full Changes Facebook Business Page Template Changes How ransomware bad rabbit spread Zambian mobile users wake up to mass ZICTA SMS alerts Security Top News From Last Week – Teenager Hacks Apple Servers Zamtel Velocity caps its unlimited internet packages How Facebook maybe a danger now and in the future