Data breaches at large companies and notable websites are becoming almost a daily occurrence, as we wake up today to an attack on Reddit, the popular social media network known for aggregating member-submitted content.
While the unknown hackers' agenda in attacking Reddit hasn't been made clear, the social media giant has assured its user base, comprised of over 230 million users, that the hackers were only able to get read-only access to some of its systems containing users' backup data, internal logs, source code, and other files. The most significant data in the backup compromised by the hackers was account credentials, email addresses, and private message content.
Reddit Users Should be Concerned but not Panicked
Before those who use Reddit become paranoid about their account credentials (username, hashed password) being stolen by hackers, they should realize that the stolen passwords are in fact salted and hashed, and they cannot be utilized by just anyone. Fundamentally, a hashed password is a form of encryption that cannot be defeated, so it would be nearly impossible to decipher or turn into a usable password. However, because the data breach allowed hackers to make off with other data, the company is encouraging users to move to better authentication methods on their mobile phones using the Reddit app.
Moving to a better source of authentication would, in turn, help reduce the fallout from data breaches such as the one that has taken place on Reddit. It appears that the hackers were able to bypass the SMS-based two-factor authentication, granting them access to intercept SMS messages meant to reach Reddit employees. Essentially, the hackers were able to compromise a few Reddit employee accounts, thus obtaining the access needed to conduct the data breach.
Currently, Reddit is saying that users can follow the steps listed on its data breach announcement page to check if their account is one that was compromised. For such users, Reddit will reset passwords and directly notify them with tips on how they can protect themselves.
The Reddit data breach comes at a time when we're seeing such cases happen at a record pace. Even though one data breach is one too many, the pace at which they are coming should be a wake-up call for everyone - not just computer users but those who implement security and protection features on large networks. Those who oversee security for large networks may have to look outside the normal protection methods, as the Reddit hackers seem to have found methods to bypass security features already in place.