Attention all Redditors: Between June 14 and June 18, Reddit experienced a data breach. The popular website claims it discovered the breach on June 19 and has since made the necessary moves to contain and eliminate the threat. Unfortunately, there isn't much they can do about the data was that accessed and stolen — your user data.
To Reddit's credit, the site is maintaining a high degree of transparency, laying out key areas they believe user data was most compromised. The good news: not everyone was affected by this security breach. But to know whether or not you were, you'll have to walk through a few things.
- Don't Miss: The 5 Best Reddit Apps for Android
Right off the bat, users can distance themselves from worry so long as the Reddit accounts they have are not tied to email addresses on accounts made after 2007 (we'll explain more below). Suffice it to say that, according to Reddit, the hackers did not have access to user data on accounts without associated email addresses.
Per Reddit's report, there were two key categories of users whose data was compromised:
This is where the year your account is from makes a difference. Reddit was started in 2005, so users who signed up between its launch that year and May 2007 may have had data captured in an old backup of the site. This includes account credentials (usernames and salted hashed passwords), emails addresses, and all content posted in that period of time, including both public and private material.
If you signed up for Reddit in 2007 or earlier, you'll want to keep your eye out for a direct message from Reddit — the company is privately messaging all affected users, so make sure to open any new messages right away.
Reddit also highlights that logs of email digests sent between June 3 and June 17 of this year were accessed in the breach. These logs contain the digest emails, which tie usernames to email addresses, as well as suggested posts from safe-for-work subreddits you are subscribed to.
Again, if you don't have an email address associated with Reddit, you're good to go here. For all others, Reddit recommends you check your inbox for emails from firstname.lastname@example.org between the dates listed here to see if you might be affected.
If you find your information has been compromised in this breach, Reddit has some useful tips for you to protect yourself going forward:
- Change your password. If that password is the same as any other accounts you use, change those accounts as well.
- In addition, use two-factor authentication for your Reddit account. Make sure your two-factor authentication is app-based or third-party, like Google Authenticator or Authy. (The breach was likely the result of the hacker intercepting an SMS-based 2FA code.)
- If your email address was affected, follow Reddit's guide on removing content to delete any information you wouldn't want to be tied to your identity.
Reddit has stated its commitment to security for its users following this breach. However, no company or service is ever truly secure. This event is an excellent reminder to us all to practice good security habits with our accounts across the spectrum, as this breach will be far from the last.