Reddit reveals major data breach, promises security fix

The social platform announced that hackers gained access to current user information and old data from 2007. The announcement came with an action plan to protect users’ data in the future—but no apology.

Ragan Insider Premium Content
Ragan Insider Content

Organizations that don’t invest in robust internet security are going to face a data breach scandal. It’s just a matter of time.

Reddit became the latest company to reveal that hackers gained access to private information, including email addresses, user credentials and private messages. While much of the data was old archival information, some of the user data was currently active.

Reddit revealed the breach in a blog post:

On June 19, we learned that between June 14 and June 18, an attacker compromised a few of our employees’ accounts with our cloud and source code hosting providers. Already having our primary access points for code and infrastructure behind strong authentication requiring two factor authentication (2FA), we learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept. We point this out to encourage everyone here to move to token-based 2FA.

For users looking for a less-dense version, the company offered this summary:

To read the full story, log in.
Become a Ragan Insider member to read this article and all other archived content.
Sign up today

Already a member? Log in here.
Learn more about Ragan Insider.