Hackers Snagged Reddit IT Admin Accounts
Reddit, the best-known discussion forum on the internet, announced today that hackers managed to tamper with its systems and leak users' data and other information.
In a post-mortem, Reddit said the attack was serious and resulted in an old database backup and a newer set of “email digests” sent to users being accessed.
Reddit said the backup files contain information such as usernames, hashtags, passwords and other public content. The files also held users' private messages from 2005 to 2007, as well as employees' workspace files.
Nevertheless, the hackers were not able to gain entry into Reddit's systems and hence could not delete any files or data. The only access they gained was through Reddit employee accounts with its cloud and source code hosting providers. Reddit uses two-factor authentication to secure its staff logins, but the response codes were transmitted via SMS, which the hackers intercepted.
Reddit founding engineer Christopher Slowe said, “We learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept.”
SMS authentication continues to be widely used, in spite of the fact that it is insecure. Reddit has now decided to protect its staff logins with token-based 2FA rather than SMS codes. Reddit said it will notify affected users of the data breach and reset their passwords.
Some Reddit users reported that they had already received extortion-based phishing emails that cited the hacked credentials.
The emails quote the passwords taken from the 2007 database backup, and claim that malware has been installed on users’ computers that is able to record what’s on the screen as well as activate the webcam.