Reddit, one of the world's most popular websites, announced on August 1, 2018, that it experienced a security breach in which some user data was compromised.
The breach mostly affects Redditors that have been on the site since 2007 or earlier, but even if you made your account at a later date, you should still keep reading as there's a chance some info was still exposed.
Between June 14 and June 18 of this year, Reddit says an attacker "compromised a few of our employees' accounts with our cloud and source code hosting providers." Although two-factor authentication was set in place, it was done so via SMS and the attacker in question was able to capture the codes using an SMS intercept attack.
The attacker was unable to get write-permissions to Reddit but did manage to obtain read-access to certain site systems.
While doing so, Reddit notes that the attacker obtained:
A complete copy of an old database backup containing very early Reddit user data -- from the site's launch in 2005 through May 2007.
With that database backup, usernames, salted + hashed passwords, email addresses, public content, and private messages were obtained (only if you had a Reddit account between 2005 and May 2007).
Additionally, the attacker also acquired:
Logs containing the email digests we sent between June 3 and June 17, 2018. The digests connect a username to the associated email address and contain suggested posts from select popular and safe-for-work subreddits you subscribe to.
What you can do to protect yourself
None of that's great, but thankfully, Reddit's already working to make sure any potentially affected users are protected.
If your account was created between 2004 and May 2007, Reddit's currently sending out PMs/emails with further instructions on what to do. Furthermore, any accounts that were active during this time are being forced to reset its password.
Even if Reddit doesn't force you to reset your password, doing so anyways is a good idea just to make sure all of your bases are covered. If you're not yet using a password manager, now's the time to change that.
Furthermore, two-factor authentication is something that everyone should be using by now. And, if you have the option, always use this with a token-based system rather than over SMS.
PS5 games prices are higher than Xbox — but is that a good thing?
Sony's PlayStation 5 reveal came with some big caveats, and one of the most overlooked ones is the fact that games will be more expensive, seemingly across the board. Should Microsoft and Xbox jump on that train as well?
Review: Gigabyte's Z490 AORUS ULTRA is a gorgeous Intel motherboard
Gigabyte's Z490 AORUS ULTRA is a motherboard you should consider for a 10th or 11th Gen Intel-powered PC. On paper, it has plenty going for it, including amazing power design and cooling, passively cooled M.2 slots and good overclocking support.
You can get the Windows 10 October 2020 update early – here's how
In this guide, we'll show you the steps to upgrade your computer to the final release of the Windows 10 October 2020 Update before it's officially available to everyone.
Make the most of your Surface Pen and Slim Pen with these awesome apps
To really maximize the ability of the Surface Pen and Slim Pen, there are some essential apps you should check out. We've rounded up the best right here for a variety of purposes.