The attackers managed to compromise the accounts of several Reddit employees who had access to cloud storage and source code.Īccess to the employees’ accounts was protected by two-factor authentication, but through the traditional, old-fashioned method of delivering one-time passwords in SMS messages. The attack itself happened sometime between June 14 and 18. On June 19, 2018, the Reddit team realized that there had been a data leak. This is why physical 2-factor or at least app-based 2FA is superior. Of particular note was that the intruders managed to bypass SMS-based two-factor authentication in the compromise. Reddit just disclosed a breach, says it’s still investigating severity. Why did the SMS-based two-factor authentication fail, and what can you replace SMS messages with if you’re still using them?.Who were the victims of the Reddit attack, and how can you tell if you’re one of them?.What exactly happened, and what is Reddit doing to minimize the consequences of the attack?.The attackers were able to intercept SMS messages containing one-time passwords, gaining access to the accounts of several Reddit employees. The hackers were also able to access the e-mail addresses and logins of all users who received the site’s newsletter in June 2018. The attackers managed to extract logins, e-mail addresses, passwords (salted and hashed, fortunately), and even a complete list of private messages from users who joined the site before 2007.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |