Reddit Is Hacked — Company Discloses Data Breach ‘Security Incident’

This includes old private messages, user names, encrypted passwords — and even some current emails

The popular social media platform Reddit has been hacked, Reddit’s founding engineer, Christopher Slowe, disclosed on Wednesday.

The data breach occurred between June 14 and June 18, Reuters reported, and Reddit discovered the breach on June 19, according to a company announcement.

Described as a “security incident,” the main attack was via SMS (short message service) intercept.

Reddit notes that though the attack was serious, the hacker had read-only access and was therefore thwarted from altering any Reddit information.

Do you support individual military members being able to opt out of getting the COVID vaccine?

By completing the poll, you agree to receive emails from LifeZette, occasional offers from our partners and that you've read and agree to our privacy policy and legal statement.

“We have taken steps since the event to further lock down and rotate all production secrets and API keys, and to enhance our logging and monitoring systems,” noted Slowe.

In addition, the company has reported the breach to law enforcement and is cooperating with the associated investigation.

Information involved includes all Reddit data from 2007 and earlier. This includes user names, “salted hashed passwords,” email addresses, and private messages that were created between 2005 and 2007.

The company advises longtime users who may still be working with their original account credentials to reset their passwords, and it’s sent messages to users whom the breach may have affected, whether or not Reddit automatically prompts an account reset.

Related: Why the Equifax Breach Should Be a Wakeup Call to All

In addition to the data noted above from the site’s launch in 2005 until 2007, email digests that Reddit sent in June of 2018 were also involved in the hack — the digests connect user names with email addresses.

Those who didn’t have an email address associated with their account or who opted out of receiving email digests should be in the clear.

The platform also encourage users whose email addresses may now be in the hands of a hacker to “think about whether there’s anything on your Reddit account that you wouldn’t want associated back to that address.”

Michele Blood is a Flemington, New Jersey-based freelance writer and a regular contributor to LifeZette.

Join the Discussion

COMMENTS POLICY: We have no tolerance for messages of violence, racism, vulgarity, obscenity or other such discourteous behavior. Thank you for contributing to a respectful and useful online dialogue.

Notify of
Inline Feedbacks
View all comments