Reddit's Been Hacked - Here's How to Check if It Hit You

Reddit's Been Hacked - Here's How to Check if It Hit You

But the site says it is contacting those who have been hacked.

It emailed users and published a post on 1 August to announce that a hacker broke into its systems and accessed user data, including current email addresses and a 2007 database backup with old usernames and passwords that were scrambled (or "salted and hashed") for protection. If so, Reddit users could be potentially robbed of their anonymity if usernames are connected to emails.

"Whether or not Reddit prompts you to change your password, think about whether you still use the password you used on Reddit 11 years ago on any other sites today", the site said. Reddit said if you don't have an email address associated with your account or your "email digests" user preference was unchecked during June 3-17, 2018 you're not affected.

Reddit says "a few" staff members had their accounts compromised, adding: "We learned that SMS-based authentication is not almost as secure as we would hope".

Additionally, the site said the alleged hacker also compromised a few of its employees' accounts with its cloud and source code hosting providers. The company is also encouraging users to enable token-based two-factor authentication through Authy, Google's Authenticator, or a similar service.

'Because that sounds like a mother of all ticking time bombs, for a potential privacy breach.

Monday's trade roundup: Yankees add long reliever
Minnesota will send $2 million to the Yankees to cover half of the $4 million remaining in Lynn's $12 million salary. Happ from Toronto , and dealt left-hander Chasen Shreve and right-hander Giovanny Gallegos to St.

"The most common technique is most likely use of smartphone malware which automates the process of stealing passwords and obtaining verification codes while obfuscating the activity from the end-user but this seems less likely in such a targeted campaign", he added.

Security and data breaches have pretty much become the norm for tech companies as of late. If you think you probably made some comments back in the years 2005, 2006, 2007 that you weren't proud of - public or private - you can delete them now, if you wish.

The Reddit team is cooperating with law enforcement and taking steps to further secure the site. You'll also find your password has been reset if your stolen credentials might still be valid.

If you don't have two-factor authentication, it's a good idea to use it on your most important accounts, like Facebook or your bank, which can usually be activated in the settings page.

He did not say how the employees' passwords were compromised, nor how the attacker was able to intercept the SMSes with the additional authentication factor. "While two-factor authentication can help a lot, it has to be the right kind of two-factor". "In fact, recent McAfee research reveals a third of people rely on the same three passwords for every account they're signed up to and this needs to change immediately", said Allen Scott, the consumer EMEA director at security company McAfee. It's more secure than SMS simply because the attacker in that case would need to steal your mobile device or somehow infect it with malware in order to gain access to that one-time code.