On August 1st, popular internet discussions board Reddit made an announcement that they had suffered from a data breach between June 14th and June 18th. Because of this breach, user data including email addresses and passwords could have potentially been leaked online. Though there's no way to know if you've been affected, here's everything you need to be aware of to ensure that your account remains secure.
More about the breach
Reddit consists of many hundreds or thousands of 'sub-reddits', categorised areas of the website in which users can discuss specific topics. Within the 'announcements' sub-reddit, the company highlighted how 'a hacker broke into a few of Reddit's systems and managed to access some user data, including some current email addresses and a 2007 database backup containing old salted and hashed passwords.'
'Since then we've been conducting a painstaking investigation to figure out just what was accessed, and to improve our systems and processes to prevent this from happening again.'
Through a sophisticated attack on the website, the third party managed to circumvent the site's authentication system, which uses SMS two-factor verification. Reddit confessed that this system wasn't nearly as secure as they would hope.
What to do next
Though there’s no way to know whether your data was compromised by the breach, if you’re a Reddit user, then there are some steps that you should take following this revelation. The important thing to note is that only users who signed up in 2007 or earlier will be affected.
- Reddit does hold information regarding which users' have had their account data compromised. If you're amongst this group, then the company will be sending you an email reminding you how to change your account password. This should be done immediately, and you can indeed go to the Reddit website directly to do so right away.
- You should double-check whether you received a 'Reddit digest' (email summary) in June 2018, as this data was accessed by the hacker. If you did receive this email, then it's worth deleting the message to ensure that you aren't exposed to any potentially malicious attachments.
- In addition to immediately changing your Reddit password, you should also consider deleting anything on your Reddit account that you wouldn't want to be associated with your email. Some users frequently post topics on this website that they would not want to be associated with their identity. You can find out more information about how to do so in the 'Help' section of the Reddit website.
It seems that password breaches are becoming more frequent than ever in the increasingly connected world; we regularly receive emails from websites that have suffered data breaches. This is where certain software packages can benefit you, such as Dashlane, a password manager that monitors for online leaks of your personal data.
If you have any other concerns about your personal security and would like tips on how to lock down your personal data, then you can speak to WiseGuys on 0808 123 2820. We can provide advice on topics such as setting up a mobile VPN.