The biggest Internet forum hacked


Reddit attacked by hackers

Another day, another forum hacked, this time in a massive attack on one of the largest companies in the world.

This week it was the giant Reddit, which in recent months has angered its users because of the platform's account banning policies or moderator roles.

The social network announced that it suffered a security breach in June. Users' email addresses were exposed, along with the contents of an old database from 2007. This database contained usernames, passwords, and users' private messages.

According to Reddit, the hackers, for now unknown, managed to gain read permissions on some of its systems that contained backups of user data, source code, internal logs and other files.

The company’s technology director, Christopher Slowe, admitted that this attack had been one of the most serious the company had suffered, but assured users that the attackers did not have full access to the Reddit systems. In the email it is sending to its users, Reddit recommends changing the password immediately and, if the same password was used on other services, changing it there immediately as well. In addition, in its official statement, the company recommended that users remove any incriminating publications accessible from their profile.

The company is now demystifying the attack by saying that the attackers only managed to gain read access. It has also set to work protecting and improving its login systems as well as its monitoring systems.

How was it hacked?

The attack was carried out by intercepting SMS messages that delivered one-time passwords to Reddit employees. In the end, even though it was using two-factor authentication (2FA), Reddit was successfully attacked.

This should be a wake-up call for those who believe that SMS-based authentication is secure. It is time to stop using this method and switch to another type of authentication. Reddit encourages the use of the new token-based two-factor authentication technology. With this technology, a mobile application (Google Authenticator or Authy) generates a one-time password.

As users, we often feel unprotected. If the best companies can fall, we fall with them too. We must be more critical of who manages our data, and build a community to ensure that these attacks stop and that companies implement the latest cybersecurity technologies. In this case, Reddit has fallen, but the question is: who will be next, and what effect will it have on you?

José María Moyano Suárez | R3 Cybersecurity  Consultant