Reddit has confirmed that a hacker broke into some of its systems and gained access to user data, causing a data breach that includes usernames, passwords, and email addresses of users. The social media giant explains that two sets of data were compromised. The first is from 2007 and contains account details and all public and private posts from 2005 to May 2007, as reported by The Guardian.
The second is the logs and databases associated with users’ daily digest emails, which were also accessed in June this year and include usernames, emails, and passwords linked to those accounts. The company found out on 19th June that the systems had been hacked, four days after the data breach. The hackers broke into an account belonging to one of its employees, which was protected by SMS two-factor authentication.
The company’s Chief Technology Officer, Christopher Slowe, said, “If your account credentials were affected and there’s a chance the credentials relate to the password you’re currently using on Reddit, we’ll make you reset your Reddit account password.”
Reddit also wrote, “We learned that SMS-based authentication is not nearly as secure as we would hope.”
SMS-based two-factor authentication is the process that protected the Reddit employee’s account; it requires a one-time passcode along with the username and password. The company is certain that the hackers may have intercepted those messages in order to gain access, but luckily they were unable to change any of the data.
Keith Graham, the Chief Technology Officer of SecureAuth, said, “While SMS-based authentication is popular and much more secure than the password alone, it’s widely known to be vulnerable to cybercriminals who have hacked many celebrities using this method.”
Moreover, Reddit is currently working out how to make accounts more secure and private. To that end, it has already asked users to reset their account passwords while it looks for further ways to protect them.