Crooks hacked Reddit via SMS intercept attack and accessed user data

Hackers managed to bypass 2FA system on Reddit to access user data

Reddit hackCybercriminals bypassed two-factor authentication and accessed Reddit users' usernames, email addresses and encrypted passwords.

The representatives of Reddit informed about the data breach which took place between 14 and 18 June[1]. They believe that the attackers have compromised multiple employee accounts, cloud services and source code hosting providers. Criminals have used SMS intercept attack which allows assuming that users with two-factor authentication enabled may be affected[2].

Reddit explains that once the employee tries to log in, he/she must confirm the identity by entering a unique code which is sent directly to his/her device. In this case, hackers managed to redirect the messages with identification numbers to the devices which are controlled by the attackers.

We learned that SMS-based authentication is not nearly as secure as we would hope <..>

Fortunately, the criminals did not gain access to write and submit posts to the website. Although, they were able to read some user data. Reddit says that this is a severe attack which might link some anonymous users from the site to their real identities.

Attackers might have the ability to link usernames with corresponding emails

According to the analysis of Reddit data breach, experts say that hackers obtained usernames and corresponding email addresses. As a result, there is a substantial risk that criminals might expose real identities by linking the emails with usernames[3].

Furthermore, hackers got access to the encrypted passwords from a different server which contains credentials from 2007[4]. Reddit says that they have already started to inform people whose personal data has been exposed:

In the case where it's mapped to a username, this is also exposing the identities behind what is very frequently a deliberately anonymous account. People should be made aware of this and contacted individually.

Reddit switches from SMS-based to token-based authentication

The website not only started to notify the potential victims of the data breach but also informed law enforcement agencies. Currently, appropriate measures are taken to ensure that none of the other security measures would be bypassed by the attackers. One of them is switching from text-based to token authentication[5].

Additionally, Reddit improved the logging process and made it more thorough. IT specialists have employed a more advanced encryption technology to protect user data as well. Note that, Reddit has over 330 million users worldwide. Thus, ensuring secure private information storage is a must.

About the author
Alice Woods
Alice Woods - Likes to teach users about virus prevention

Alice Woods is the News Editor at 2-spyware. She has been sharing her knowledge and research data with 2spyware readers since 2014.

Contact Alice Woods
About the company Esolutions