Current Events > Reddit got hacked. Old Emails and hashed and salted passwords stolen

(+) Yeah! (+)

http://thehill.com/policy/cybersecurity/399926-reddit-says-a-hacker-gained-access-to-some-user-data-including-current

A hacker broke into Reddit's employee computer network in June, gaining access to some of its user data, the company announced Wednesday.

Reddit, the news aggregation and discussion website, said the hacker tapped into "current email addresses and a 2007 database backup containing old salted and hashed passwords" between June 14 and June 18, according to a blog post. The company learned about the attack on June 19.

The company in part blamed a failed two-step authentication process, which is supposed to add an extra security layer when a user logs into an account by requiring the user to enter a passcode sent to their phones when they try to log on to their employee accounts.

"Already having our primary access points for code and infrastructure behind strong authentication requiring two factor authentication (2FA), we learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept," the post reads in part. "We point this out to encourage everyone here to move to token-based 2FA."

well since it was only hashed passwords, its whatever unless they can crack it.

and like i said, SMS 2fa sucks! the hacker can just social engineer their way into getting your phone number on their phone and its useless!

if you have sms 2fa on anything, use the real deal, or call your carrier and tell them to NEVER. EVER. EEEEEEEEEEVER let someone without a special code change your account info. i had to sign up for this with tmobile. it should be default but its not. so dumb.
---

also do yourself a favor and see if your emails/passwords have been stolen in some breach

https://haveibeenpwned.com/

put your email in there and see if anything that you signed up for had its infomration breached, and change your passwords

USE 2FA

HACKERS STAY AWAY!!!
---

guys

a major website got hacked

no one cares?

oh yeah i forgot the magic words

RUSSIA DID IT
COLLUSION
TRUMP
---

Good thing I didn't get into reddit until about two years ago!!
---

thanks for the heads up.
i know my email was part of the target and yahoo hacks already.

i changed passwords a few times since and not really sure what else to do lol
---

HBOSS posted...

thanks for the heads up.
i know my email was part of the target and yahoo hacks already.

i changed passwords a few times since and not really sure what else to do lol

maybe consider a password manager?

i use chrome's built in one. it saves all the passwords to my google account (which is protected under 2 factor authentication). when i sign up for something, i right click the password field and it auto generates one like : 2diwoFJOiejsl5sFS
then it saves it and autofills anytime i go to the website.

that way, if a hacker gets my password, it wont work on all my accounts. nor can they guess it or even brute force it.
---

Who doesn't use a unique password for their email and banking??? That's just common sense, right
---

_BlueMonk posted...

also do yourself a favor and see if your emails/passwords have been stolen in some breach

https://haveibeenpwned.com/

put your email in there and see if anything that you signed up for had its infomration breached, and change your passwords

USE 2FA

HACKERS STAY AWAY!!!

16 breaches for me!
---

dbf50 posted...

Who doesn't use a unique password for their email and banking??? That's just common sense, right

lots of people.
---

E32005 posted...

16 breaches for me!

yeesh lol. my old email that i used about 10 years ago has like 24 breeches. i changed them all and changed any account that used that email for a log in lol.
---

It only effects people who used emails for their accounts from over a decade ago, when Reddit wasn't even all that big. Not many people, that is.
---

I didn't even know reddit was around since 2007

didn't think it was really a thing until 2009
---

Im just proud of them for taking those security concerns when they were small. There are big companies that still store in plaintext
---

This would never happen to gamefaqs.gamespot.com

Should I be changing my Reddit password?
---

Eh, it doesnt matter. The Chinese already have literally everything on me. Social Security number, date of birth, employment history, residence history, criminal history, Selective Service draft number, fingerprints... the works.
---

MrToothHasYou posted...

Eh, it doesnt matter. The Chinese already have literally everything on me. Social Security number, date of birth, employment history, residence history, criminal history, Selective Service draft number, fingerprints... the works.

lol why do they have it.

what are you doing
---

Authentic_fan posted...

This would never happen to gamefaqs.gamespot.com

---