Threat Actor: Unknown | Unknown
Victim: Reddit | Reddit
Price: Not specified
Exfiltrated Data Type: Emails and encrypted passwords
Additional Information:
- The hacker obtained a copy of an old database backup containing user data from 2005 to May 2007.
- The stolen data includes email addresses and encrypted passwords.
- The attacker was not able to alter Reddit information.
- Reddit has taken steps to enhance security measures, including locking down and rotating all production secrets and API keys, as well as improving logging and monitoring systems.
- The attack was achieved by intercepting employees’ text messages containing one-time passcodes.
- Affected users have been notified about the breach.
The US social news site Reddit announced on Wednesday that several of its systems were hacked, resulting in the theft of some user data, including the e-mail address currently used by the user and a 2007 database backup containing the old encrypted password.
According to Reddit, the hacker obtained a copy of the old database backup containing the early Reddit user data, spanning the site from 2005 to May 2007.
“[The attackers] were not able to alter Reddit information, and we have taken steps since the event to further lock down and rotate all production secrets and API keys, and to enhance our logging and monitoring systems.” Reddit Founding Engineer Christopher Slowe wrote.
According to Slowe, Reddit discovered on June 19 that the attacker invaded the accounts of several employees of the company between June 14 and June 18.
According to Reddit, the attack was achieved by intercepting the employee’s text message, which contained one-time passcodes. The company also added that they had notified the affected users of the matter.
Original Source: https://securityonline.info/reddit-data-breaches/