If you’re a Reddit user, it’s time to change your password. According to the company, they recently discovered evidence of a hack that exposed all company data from the site’s launch (2005) to 2007, including user emails and account credentials.
The company also reported that all public messages from that time period were downloaded, as well as an unknown number of private conversations.
In addition to that, the hacker was apparently able to access the logs containing the email digests that Reddit sent out between June 3rd and June 17th of 2018. Note that you were only impacted by this portion of the hack if you received an email from firstname.lastname@example.org between the dates mentioned.
Reddit is following what has quickly become standard procedure in the wake of an event like this. They reported the incident and are currently working with law enforcement to investigate the matter. Additionally, the company has bolstered its security, including making two-factor authentication a requirement to access all sensitive internal systems.
One slight departure from the standard response is this: Rather than notifying only the users whose email addresses and account credentials were compromised, Reddit is urging all users to change their passwords immediately and to enable two-factor authentication if you have not already done so.
It’s sound advice, but unfortunately, advice that only a minority of Reddit users will likely heed.
This is hardly the first high profile data breach in 2018, and it certainly won’t be the last. Each new breach reported on only sounds the alarm more loudly. Corporate systems are woefully insecure, and the hackers are finding more and more success. 2018 is on track to break the record set in 2017 for the most breaches in the history of the internet, and next year will probably break the record set later this year.
As ever, vigilance is the key.