What You Need to Do Next

What You Need to Do Next

What You Need to Do Next

Reddit's announcement is a great example of why it's important to read breach notifications carefully.

It's a common way to protect your account from people who have nicked your password.

"They were not able to alter Reddit information, and we have taken steps since the event to further lock down and rotate all production secrets and API keys, and to enhance our logging and monitoring systems", the company said.

"We learned that SMS-based authentication is not almost as secure as we would hope, and the main attack was via SMS intercept", Reddit founding engineer Christopher Slowe said.

Reddit logs
Reddit logs

As a result, Reddit is now switching to a token system - which involves buying a physical fob that produces log-in codes instead. Attackers had access to the complete copy of this old database, which carried information on users that the company had from its launch in 2005 to 2007.

Keith Graham, chief technology officer for SecureAuth + Core Security, said: "While SMS-based authentication is popular and much more secure than password alone, it's widely known to be vulnerable to cybercriminals who have hacked many celebrities using this method".

None of that's great, but thankfully, Reddit's already working to make sure any potentially affected users are protected.

Reddit has confirmed that it was the victim of a cyber-attack in June.

Suddenly the White House cares about election security. Can we believe it?
Susan Collins, R-Maine, called the tweet "highly inappropriate" and dismissed the possibility that Mueller is going to be fired. Adam Schiff said the tweet amounted to "an attempt to obstruct justice hiding in plain sight". "America must never accept it".

Finally, the company has called on users to use a strong password and to enable two-factor authentication via an authenticator app.

If you are an affected user, you'll receive a message with a warning. Whether or not Reddit prompts you to change your password, think about whether you still use the password you used on Reddit 11 years ago on any other sites today.

Reddit says it plans to notify all affected users and is encouraging users to reset passwords for accounts that might still be using decade-old passwords.

The hacker was able to compromise Reddit's employee accounts to get hold of some current email addresses and logs of "email digests" sent between June 3 and June 17. If you signed up for Reddit after 2007, your account wasn't compromised. Nor would the person provide a figure for how many users were receiving the email digest at the time of the breach.

Trump to Sessions: end Russian Federation probe 'right now'
Posters of people who have plead guilty in Robert Mueller's probe are shown during a joint House committee hearing in Washington . Moscow has denied such interference, and Trump has denied any collusion by his campaign or any obstruction of justice.

What was accessed: Logs containing the email digests we sent between June 3 and June 17, 2018. Here's what you need to know? If you meet the criteria mentioned in the full breakdown, you should probably change your Reddit password - and you should probably look into two-factor authentication, either way.

The fact that the leaked passwords were encrypted isn't good enough, sadly.

Call of Duty Black Ops 4 Blackout Teased in Multiplayer Beta Trailer
Another session will be held the week after that, with both PS4 and Xbox One fans able to join the action. As such, the upcoming Call of Duty: Black Ops 4 multiplayer beta is ready to go and will start this week.

Related news