HYDERABAD: Servers of social news aggregation platform Reddit have been hacked and attackers have reportedly accessed data of users, including email addresses and data backup (like old passwords, usernames and chat details) from 2007. The hack, that happened a few months ago, came to light only this month after the company issued a press statement.
“A hacker broke into a few of Reddit’s systems and managed to access some user data, including some current email addresses and a 2007 database backup containing old salted and hashed passwords,” it said. Though Reddit might want you to believe that the data accessed was harmless, experts claim that it can be used to engineer other scams. McAfee security expert Gary Davis said, “If you received an email from a Reddit digest in June, then there’s a chance the hacker has your email address.
Cybercriminals can leverage this stolen information for phishing emails.” The issue also brought to light the flaw in SMS-based two factor authentication (2FA) which is needed for logging into Reddit accounts.
Two-factor authentication are an extra layer of protection used to ensure the security of online accounts beyond just a username and password.
“We learned that SMS-based authentication is not nearly as secure as we would hope, as the main attack was via SMS intercept,” Reddit engineers said urging users to shift to token-based 2FA, through a service like Authy or Google’s Authenticator. Token-based 2FA works like a one-time password — a new password is generated everytime you log in.