Reddit SMS Two-Factor Authentication Breakdown

Reddit confirmed that a hacker broke into its systems and accessed user information, including emails and passwords for accounts.

Reddit confirmed in a post that the attack happened between June 14 and June 18, and that it detected the attack on June 19.

“We learned that an attacker compromised a few of Reddit’s accounts with cloud and source-code hosting providers by intercepting SMS two-factor authentication (2FA) verification codes,” a Reddit spokesperson told Threatpost. “We are working with federal law enforcement, and have also taken measures to both address this current situation and prevent similar incidents in the future.”

Those measures include making sure that additional points of administrator access to Reddit’s systems are more secure, including requiring token-based two-factor authentication to gain access. The spokesperson did not say how many users were affected, stating only that “a small number of users were affected and have been notified.”

“Already having our primary access points for code and infrastructure behind strong authentication requiring two-factor authentication (2FA), we learned that SMS-based authentication is not nearly as secure as we would hope,” a spokesperson said. “We point this out to encourage everyone here to move to token-based 2FA.”

The hacker did not gain write access to Reddit systems; however, they gained read-only access to a few systems that contained backup data, source code and various logs. They were not able to alter Reddit data. As the site explained, “we have taken steps since the event to further lock down and rotate all production secrets and API keys, and to enhance our logging and monitoring systems.”

 
