Thursday, 2 August 2018

Reddit hacked, urges users to turn on token-based 2FA

Reddit announced to users that the site had a "security incident."

"On June 19, we learned that between June 14 and June 18, an attacker compromised a few of our employees’ accounts with our cloud and source code hosting providers. Already having our primary access points for code and infrastructure behind strong authentication requiring two-factor authentication (2FA), we learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept. We point this out to encourage everyone here to move to token-based 2FA."

Data accessed includes all Reddit data through 2007, including account credentials and email addresses, along with source code and employee workspace files.

We had a security incident. Here's what you need to know. [Reddit]