Reddit’s admins announced today that the site’s systems were hacked earlier this summer. The Reddit hack involved an attacker bypassing the site’s SMS-based two-factor authentication, an authentication mode that we’ve known for years is insecure.
Sometime between June 14 and June 18, a hacker “broke into a few of Reddit’s systems and managed to access some user data, including some current email addresses and a 2007 database backup containing old salted and hashed passwords.”
The person accessed early user data, which includes everything from the year 2007 and before. Email addresses, usernames, and salted/hashed passwords were most likely accessed.
If your information was part of the data breach, Reddit will send you a message with instructions on how to change your password. Only people who signed up for Reddit in 2007 or before are affected. Check your Reddit inbox for a message from firstname.lastname@example.org.
Change your password as soon as possible. Even if you haven’t gotten a message, it can’t hurt to update your credentials. As always, we at The Mac Observer recommend using a password manager like 1Password or LastPass.