App image

A hacker stole a Reddit database backup from 2007 that includes passwords

Published 8/1/2018 by IanDorfman

Reddit has suffered a data breach that contains data from 2007, as well as data from June of 2018.

On the official r/announcements subreddit, Keyser Sosa, Reddit's Founding Engineer, detailed what was compromised with this security breach. A hacker managed to access select Reddit employees' accounts from June 14th to June 18th. The hacker did not gain access to write data on Reddit's servers. However, they did manage to steal two vast pools of data.

The first pool of data mentioned was all of Reddit's data from its launch in June of 2005 to May of 2007. This information includes both usernames and passwords (the passwords are salted and hashed), as well as public and private content and messages. Reddit is reaching out to all users impacted by this breach.

In addition to this old database breach, another pool of data was also stolen: June 2018 email digests distributed by Reddit. Though the only user data accessed from this are usernames and email addresses of users that had an email address associated with their Reddit account and had the “email digests” user preference checked between June 3rd to June 17th, it is still a good idea to take measures to secure your account.

Outside of those two major pools of data, other data compromised includes "source code, internal logs, configuration files and other employee workspace files," according to Sosa. None of this data has any user data.

Reddit recommends users change their passwords and enable two-factor authentication on their accounts.

Reddit on HyperVTX