Reddit hack exposes old private messages

Share

That's content both public and private posted to Reddit.

"We learned that SMS-based authentication is not almost as secure as we would hope, and the main attack was via SMS intercept", he shared.

Reddit breach - how did the hacker get into Reddit's systems?

Next, the fact that the company seems disappointed by the ease with which the attackers bypassed the SMS 2FA it was using on its cloud accounts even though this older form of authentication has well-publicised weaknesses, including SIM swap fraud.

Pope Francis: 'death penalty inadmissable'
It now says it is "inadmissible because it is an attack on the inviolability and dignity of the person". Though the church's teachings have evolved, Francis' views on the subject have not.

"From phishing scams and dictionary attacks - where fraudsters try certain common passwords based on the user's information - to synthetic identities, as little as an email address can go a long way in the hands of a bad actor". After the attack, additional steps were taken to lock down the compromised data, and reddit says that it rotated all production secrets and API keys.

As a result, Reddit is now switching to a token system - which involves buying a physical fob that produces log-in codes instead. This includes a complete copy of an old database backup of Reddit user data from the site's launch in 2005 through May 2007.

"In the Digital Identity Guidelines published by NIST a year ago, SMS-based authentication is considered risky and its use is restricted". In both port-out and SIM swap schemes, the victim's phone service gets shut off and any one-time codes delivered by SMS (or automated phone call) get sent to a device that the attackers control.

First, we learn that the company has known about this breach for more than a month, during which time it said nothing - even now it hasn't put a figure on the number of Reddit users that are at risk. You can see if your account was affected by following the instructions above. The company has said that "if there's a chance the credentials taken reflect the account's current password", it will make you reset your Reddit account password. That means the affected users are mostly people who joined the site in 2007 or earlier.

Britain's May to meet Macron in France on Friday
Only once has such a move actually brought down a French government, that of Georges Pompidou in 1962. A parliamentary inquiry into Benalla's actions is ongoing.

The second part of the breach potentially affects all users but is potentially less damaging.

The company is sending a message to affected users and resetting passwords on accounts where the credentials might still be valid. The digests also connected usernames to the email addresses to which the digests were sent, as well as suggested posts based on the subreddits to which the users subscribed.

Reddit is recommending that users - who may still be using passwords similar to the ones they had in 2007 - change their password on Reddit and other sites.

Similarly, if you had email digests turned off during the breach period, you're safe. Otherwise, search your email inbox for emails fromnoreply@redditmail.combetween June 3-17, 2018.

Sales tax holiday is more than back-to-school items
For information, visit tax.ohio.gov and look at the department's "Sales Tax Holiday Frequently Asked Questions" page. Missouri's tax-free holiday weekend begins at 12:01 a.m. on Friday and runs through midnight on Sunday.

Share