An unknown hacker has breached Reddit systems and stole a huge cache of user details such as email IDs and passwords. The company's cybersecurity experts came to know about the incident on June 19 and it is believed that the hack took place between 14 June and 16 June.
Since then, Reddit has conducted its own investigation on the security breach in addition to filing the complaint to the local cyber law enforcement agencies. They are also assessing what information has been compromised and on how to improve its current Two-factor security validation. This involves moderators and users to invoke a token for One-Time-Password on their mobile to access their account on Reddit.
It is believed that hackers without physically manipulating users' mobile devices have spoofed the third-party server service provider and diverted the OTP to use it and breach Reddit security system.
Here's what has been compromised in Reddit's hacking incident
- A complete copy of an old database backup containing early Reddit user data -- from the site's launch in 2005 through May 2007 was compromised. The company said that in the early years, it had fewer features, so the most significant data contained in this backup are account credentials (username + salted hashed passwords), email addresses, and all content (mostly public, but also private messages) from back then.
- Logs containing the email digests that were sent between June 3 and June 17. The logs contain the digest emails themselves. The digests connect a username to the associated email address and contain suggested posts from select popular and safe-for-work subreddits that you had subscribed.
- Hackers also seem to have accessed Reddit storage systems and data such as Reddit source code, internal logs, configuration files and other employee workspace files. However, these two areas are the most significant categories of user data, the company claimed.
Reddit has commenced sending emails to all the affected users and they will be asked to change their passwords and if needed, will have other credentials such as security questions as well.
Should you be worried?
It goes without saying; users need to develop eternal vigilance while working online. Those who are still using the same password of the Reddit user ID since 2007-09 are vulnerable to getting hacked and are advised to change it immediately. Also, if you have used the same credentials for other online accounts, you need to change them right away too.
Not just the Reddit users, this applies to all users who make online transaction be it on e-commerce or the social media engagement. As the proverb goes -- prevention is better than cure -- users have to change passwords almost every two to three months to prevent any threats from hackers.
For the past couple of years, we have witnessed several hacking incidents more than ever before. With each new attack such as WannaCry, Locky, Mamba and NotPetya, the consequences are becoming more deadlier; particularly the ransomware, which tend take control of the whole system or server and block access for users.
Following this, hacker demands monetary ransom mostly in terms of Bitcoins (or other cryptocurrencies). Certain viruses such as nRansomware, developed by a bunch of perverted hackers ask 10 nude pictures of the victims as a pay-off to unlatch the locked information.
It is advisable for everybody to have a multiple user ID and passwords combinations, to safeguard from future cyber attacks.
Here's how to protect your PC from ransomware and malware:
- Always keep your personal computers updated with the latest firmware. Most software companies including Microsoft and Apple usually send software updates regularly --weekly or monthly -- and make sure to update them immediately
- Make sure to use premium anti-virus software, which also provides malware protection and Internet security
- Never open e-mails sent from unknown senders
- Disable ActiveX content in Microsoft Office applications such as Word, Excel, etc.
- Disable Remote Desktop Connections and employ least-privileged accounts. Limit users who can log in using Remote Desktop and set an account lockout policy. Ensure proper RDP logging and configurations
- Never install plugins (for browsers) and application software on the PCs from un-familiar publishers
- System administrators in corporate companies should establish a Sender Policy Framework (SPF) for their domain, which is an e-mail validation system designed to prevent spam. It can also detect e-mail spoofing by which most of the ransomware samples successfully reaches the corporate email boxes.
Additional security measures to be considered by system admins:
- Use RDP Gateways for better management
- Change the listening port for Remote Desktop
- Tunnel Remote Desktop connections through IPSec or SSH
- Two-factor authentication may also be considered for highly critical systems
Also read: Here's US Homeland Security and FBI-approved steps to improve cybersecurity