Reddit data breach: Your private information could have been hacked since 2007
News aggregation site Reddit is the latest internet giant to become embroiled in a data breach – although it is not disclosing the extent of the scandal. The site has revealed that hackers compromised employees’ accounts, gaining illicit access to databases and logs.
The hackers in question unearthed not just usernames but corresponding email addresses, meaning it’s very possible to link site activity to real identities. In what one can only assume is a PR move, Reddit is refusing to publicly reveal the extent of the data breach.
But how were hackers able to infiltrate the self-professed “Front Page of the Internet”, and for how long? The site has revealed that the hackers in question were able to compromise a database of credentials from 2007, giving them access to encrypted passwords.
For its part, Reddit has assured users it will inform those affected by the loss of data, but has drawn the line at contacting those affected by the broader breach. The move – considered to be some kind of damage control – has dumbfounded security experts, who dub the decision irresponsible.
Speaking to the BBC, prominent security researcher Troy Hunt, whose speciality lies in data breaches affecting consumers, revealed the extent of his incredulity: “This is personally identifiable data that’s been exposed in what is unequivocally a data breach, why on earth wouldn’t you notify people?”
Hunt went on to advise that, “[i]n the case where it’s mapped to a username, this is also exposing the identities behind what is very frequently a deliberately anonymous account. People should be made aware of this and contacted individually.”
How to tell if you’ve been affected by Reddit’s data breach
Meanwhile, Reddit is flagging up warning signs to its users, suggesting that so-called “Redditors” should be concerned if they’ve received an “email digest” from the firm between 3 and 17 June 2018 – the time frame in which hackers were operating.
“If your email address was affected, think about whether there’s anything on your Reddit account that you wouldn’t want associated back to that address,” warned Christopher Slowe, Reddit’s chief technology officer, in a post on the site.
We will be updating this story as and when new information comes in regarding Reddit’s recent data breach.