A recently discovered Reddit data breach is now threatening the anonymity of the site’s users.
On Wednesday, Reddit’s founding engineer u/KeyserSosa announced that the site’s security had been compromised. The said Reddit data breach could allegedly threaten the anonymity of many of the website’s users.
“A hacker broke into a few of Reddit’s systems and managed to access some user data, including some current email addresses and a 2007 database backup containing old salted and hashed passwords. Since then we’ve been conducting a painstaking investigation to figure out just what was accessed, and to improve our systems and processes to prevent this from happening again,” u/KeyserSosa wrote.
According to the announcement, an attacker reportedly gained access to some of Reddit’s accounts with cloud and source code hosting providers last June 19. The hacker(s) breached the accounts by intercepting SMS 2FA verification codes.
Reddit confirmed that information from a 2007 database backup had been hacked. Meaning, the data of people who were already using the site from that timeline have been exposed, including email addresses, usernames, and passwords.
The company said that cryptographic salting and hashing defenses protect the passwords of Redditors. However, people who are still using their old passwords for their Reddit accounts or other online accounts are strongly encouraged to change their passwords.
“Although this was a serious attack, the attacker did not gain write access to Reddit systems; they gained read-only access to some systems that contained backup data, source code, and other logs. They were not able to alter Reddit information, and we have taken steps since the event to further lock down and rotate all production secrets and API keys, and to enhance our logging and monitoring systems,” u/KeyserSosa added.
Security experts now fear that the Reddit data breach could end up like the 2015 Ashley Madison breach where the information of some 33 million anonymous users was leaked online, resulting to divorces and two reported suicides.
“The Ashley Madison hack caused some problems in people’s lives because of the types of things they were doing online,” Robert Siciliano, a security analyst from Hotspot Shield, said.
“This breach, based on the nature of the information compromised and what some people post on Reddit, could definitely have a negative impact on relationships, employment, and other factors.”
To date, Reddit is host to some of the online world’s biggest pornography communities like the subreddit r/GoneWild where anonymous Redditors voluntarily share nude pictures. The said community has about 1.5 million subscribers.
“Without a doubt, anonymity is something users used to enjoy, but that is quickly going away due to the fact there have been, in the past two years alone, over 10,000 data breaches,” Siciliano added.