Reddit announced today that its systems had been hacked at some point earlier this summer.
According to the statement published by Reddit CTO Christopher Slowe ("KeyserSosa"), the breach happened sometime between June 14 and June 18 and they discovered it on June 19. That's content both public and private posted to Reddit.
Reddit explained that the main attack was executed via an SMS intercept.
Reddit breach - how did the hacker get into Reddit's systems?
The company goes on to recommend a strong, unique password and the enabling of two-factor authentication - not provided via SMS - for all users, and to keep a look out for potential phishing or scams.
But the logs also connected user names with their associated email address.
It's a common way to protect your account from people who have nicked your password.
Reddit said hackers were able to gain access to the firm's information by breaching its measures for protecting employees' credentials.
As a result, Reddit is now switching to a token system - which involves buying a physical fob that produces log-in codes instead. Even the SMS-based authentication is better than simply protecting your account with a password.
Users whose data was accessed will be notified directly and are advised to change their password and additionally secure their accounts with 2-factor authentication. In both port-out and SIM swap schemes, the victim's phone service gets shut off and any one-time codes delivered by SMS (or automated phone call) get sent to a device that the attackers control. Reddit says it's already taken steps in the weeks since the attack to further lock down and rotate all production secrets and API keys, and to enhance logging and monitoring systems. Is is there that you'll find the instructions you seek for the deleting of content you wish to delete. You should also change it for any other accounts that may share the same password.
This matters because the June 2018 cache of email addresses and usernames could reveal a lot about users who rely on a degree of anonymity when using Reddit.
The second part of the breach potentially affects all users but is potentially less damaging.
Reddit has confirmed that it's sending messages out to all affected users and resetting their passwords.
And for users whose email addresses were accessed through the email digest, Reddit said, "think about whether there's anything on your Reddit account that you wouldn't want associated back to that address". A user pointed out in the comment section that if privacy is a concern, affected users should delete any "incriminating" posts they could otherwise be traced back to.