Reddit, one of the world's most popular websites, announced on August 1, 2018, that it experienced a security breach in which some user data was compromised.
The breach mostly affects Redditors that have been on the site since 2007 or earlier, but even if you made your account at a later date, you should still keep reading as there's a chance some info was still exposed.
Between June 14 and June 18 of this year, Reddit says an attacker "compromised a few of our employees' accounts with our cloud and source code hosting providers." Although two-factor authentication was set in place, it was done so via SMS and the attacker in question was able to capture the codes using an SMS intercept attack.
The attacker was unable to get write-permissions to Reddit but did manage to obtain read-access to certain site systems.
While doing so, Reddit notes that the attacker obtained:
A complete copy of an old database backup containing very early Reddit user data -- from the site's launch in 2005 through May 2007.
With that database backup, usernames, salted + hashed passwords, email addresses, public content, and private messages were obtained (only if you had a Reddit account between 2005 and May 2007).
Additionally, the attacker also acquired:
Logs containing the email digests we sent between June 3 and June 17, 2018. The digests connect a username to the associated email address and contain suggested posts from select popular and safe-for-work subreddits you subscribe to.
What you can do to protect yourself
None of that's great, but thankfully, Reddit's already working to make sure any potentially affected users are protected.
If your account was created between 2004 and May 2007, Reddit's currently sending out PMs/emails with further instructions on what to do. Furthermore, any accounts that were active during this time are being forced to reset its password.
Even if Reddit doesn't force you to reset your password, doing so anyways is a good idea just to make sure all of your bases are covered. If you're not yet using a password manager, now's the time to change that.
Furthermore, two-factor authentication is something that everyone should be using by now. And, if you have the option, always use this with a token-based system rather than over SMS.
We may earn a commission for purchases using our links. Learn more.
Oculus Rift gets fix for stuttering issues with beta update
If you've been one of the users experiencing stuttering issues while playing VR games on the Oculus Rift, Oculus has a beta update that should solve all your problems. Find out how to get the update right now.
Want to try Surface Duo OS? Here's how on Windows 10.
In this guide, we'll show you the steps to download and install the Surface Duo emulator to start developing for the dual-screen device to get a feeling of the new experience.
Why Daniel Rubino doesn't care if the Surface Duo's camera is terrible
Some of us live on the edge of tech, and that often means giving something up to gain something new. In the case of Surface Duo, that may mean living with a less-than-ideal camera.
Make the most of your Surface Pen and Slim Pen with these awesome apps
To really maximize the ability of the Surface Pen and Slim Pen, there are some essential apps you should check out. We've rounded up the best right here for a variety of purposes.