Reddit users’ data has been compromised by a hack, the company has revealed. The online discussion board says current email addresses and a database containing hashed passwords from 2007 was accessed six weeks ago.
The company is forcing a password reset for all users it believes may have been affected by the breach, which it says it discovered on June 19.
The first part of the hack pertained to the old database back-up, which contained all users’ information from its first two years of operation; between 2005 and May 2007. Reddit says account credentials like usernames and salted hashed passwords, email addresses and all content posted to the site – including private messages – was stolen.
The company is advising users it believes may be using those same login credentials to be on the lookout for a PM/email with password reset instructions. Redditors who signed up after 2007 are in the clear here. However, a lot more of the current user base are vulnerable to the email digests breach from June 2018.
Related: Best VPN
“The digests connect a username to the associated email address and contain suggested posts from select popular and safe-for-work subreddits you subscribe to,” the company writes in its explanation. Everyone who gets these digests from Reddit is affected by this, unfortunately.
Reddit advises users to do the following:
If your account credentials were affected and there’s a chance the credentials relate to the password you’re currently using on Reddit, we’ll make you reset your Reddit account password. Whether or not Reddit prompts you to change your password, think about whether you still use the password you used on Reddit 11 years ago on any other sites today.
If your email address was affected, think about whether there’s anything on your Reddit account that you wouldn’t want associated back to that address. You can find instructions on how to remove information from your account on this help page.
And, as in all things, a strong unique password and enabling 2FA (which we only provide via an authenticator app, not SMS) is recommended for all users, and be alert for potential phishing or scams.
Are Reddit and other web giants doing enough to protect our data from bad actors online? Drop us a line @TrustedReviews on Twitter.