Recently, attackers hacked Reddit, the web’s most popular social news sharing site. According to the Reddit security team, the hack happened on June 19. An attacker was able to compromise a handful of employee accounts within their cloud system and source code hosting providers.

How Attackers Hacked Reddit

In the past few years, “two-factor authentication” has been implemented to help secure online accounts. Two-factor authentication is an extra layer of security that forces users to verify their identity by receiving a text, e-mail, or a separate app.

However, attackers were able to intercept the two-factor authentication from Reddit employees’ phones, granting access to their accounts. This enabled the attackers to gain read-only access to backup data, source code, and other logs.

Some of these logs included all Reddit data prior to 2007, including user e-mails, private messages, and internal files.

How Reddit Is Handling The Attack

In this particular Reddit hack, attackers, gained read-only access to systems that contained backup data, source code, and other logs.  Fortunately, they were unable to alter any information. The Reddit security team has since “taken steps to further lock down and rotate all production secrets and API keys, and to enhance our logging and monitoring systems,” as stated in their announcement.

Key Areas Of User Data That Was Accessed

• All Reddit data from 2007 and before including account credentials and email addresses
  • What was accessed: “A complete copy of an old database backup containing very early Reddit user data — from the site’s launch in 2005 through May 2007. In Reddit’s first years it had many fewer features, so the most significant data contained in this backup are account credentials (username + salted hashed passwords), email addresses, and all content (mostly public, but also private messages) from way back then.”
  • How to tell if your information was included: “We are sending a message to affected users and resetting passwords on accounts where the credentials might still be valid. If you signed up for Reddit after 2007, you’re clear here. Check your PMs and/or email inbox: we will be notifying you soon if you’ve been affected.”
• Email digests sent by Reddit in June 2018
  • What was accessed: “Logs containing the email digests we sent between June 3 and June 17, 2018. The logs contain the digest emails themselves — they look like this. The digests connect a username to the associated email address and contain suggested posts from select popular and safe-for-work subreddits you subscribe to.”
  • How to tell if your information was included: “If you don’t have an email address associated with your account or your “email digests” user preference was unchecked during that period, you’re not affected. Otherwise, search your email inbox for emails from noreply@redditmail.com between June 3-17, 2018.”

The Reddit team has reported the issue to law enforcement, who are fully cooperating with their investigation. Additionally, Reddit is also messaging user accounts that could potentially be compromised.

This includes enhanced logging, more encryption, and token-based two-factor authentication instead of SMS-based two-factor authentication.

What Users Can Do About The Reddit Hack

First, users are recommended to check whether or not their data has been accessed according to the above instructions. Users are then recommended to change their passwords on Reddit as well as other accounts that may have the same password.

Following these steps will ensure that a further data breach or Reddit hack will not affect your accounts.

Protect Your Data With A VPN

Furthermore, using a Virtual Private Network, or VPN, is recommended to protect your online anonymity. A VPN allows users to encrypt and route their online data to secure and remote servers around the world.

With a VPN connection, the Reddit servers are unable to see your IP address or connection. Reddit would only be able to see your VPN’s connection.

And, if you’re looking for a VPN provider, FlashRouters has the perfect options for you.

Upgrade Your Whole Network to a VPN-Cofigured FlashRouter

A FlashRouter allows your entire home network to benefit from these VPN services, protecting any device you connect to it. For example, accessing Reddit via mobile phone, tablet, or desktop will be protected through your VPN connection.

Check out some of our most popular models:

NordLynx WiFi 6 Router – Privacy Hero

$179.99
$249.99

BUY NOW

• Perfect for Medium Homes
• Perfect for 20-30 Devices

AX3000 WiFi 6 VPN FlashRouter

$129.99
$149.99

BUY NOW

• Perfect for Medium Homes
• Perfect for 20-30 Devices

Asus RT-BE88U WiFi 7 Merlin FlashRouter

$469.99
$599.99

BUY NOW

• Upgraded with Custom Merlin Firmware.
• Next Gen WiFI 7 Update of Asus favorite model.

The FlashRouters VPN Privacy App

Streamers can manage their VPN-configured router connection with the new FlashRouters VPN Privacy App. The FR Privacy App is an easy, free, and user-friendly way to access and configure your wireless network. Our app runs directly from any Internet browser on desktop or mobile devices.

This allows for easy tweaking and VPN configuration, including but not limited to:

• • • Easy device management.
    • Seamless VPN server switching.
    • Optimized UI on any browser or mobile phone.
    • Kill switch and VPN bypass by device.

Want better support for your entire network? The FlashRouters Privacy App is here to help.

Still haven’t found the perfect router or VPN for you? Check out some of our best Flashrouters of 2019 or contact our support team for more information!