The data breach took place between 14 June and 18 June, when as-yet-unknown culprits accessed employee accounts through an SMS intercept attack, Reddit's chief technology officer Christopher Slowe said in a post to r/announcements.
Reddit only revealed the breach to the public on August 1, a whole 12 days after the incident.
'We learned that SMS-based authentication is not almost as secure as we would hope, and the main attack was via SMS intercept, ' the company said.
Next, the fact that the company seems disappointed by the ease with which the attackers bypassed the SMS 2FA it was using on its cloud accounts even though this older form of authentication has well-publicised weaknesses, including SIM swap fraud. After a key is enrolled for 2FA at a particular site that supports keys, the user no longer needs to enter their password (unless they try to log in from a new device). I'm sure many people have the same password linked across their social media accounts. The hacker appears to have intercepted some of the employees' SMS codes that were used for two-factor authentication (2FA). Reddit said it discovered the breach the next day, on June 19.
As a result, Reddit is now switching to a token system - which involves buying a physical fob that produces log-in codes instead.
Reddit says the attacker could only access and read some of its systems that contained backup data and source code.
"Cyber criminals can steal a victim's phone number by transferring it to a different SIM card with relative ease, thereby getting access to text messages and SMS-based authentication", Moffitt said. Users affected have been informed.
There were two main bits of info stolen in the Reddit attack. If so, Reddit users could be potentially robbed of their anonymity if usernames are connected to emails. Is is there that you'll find the instructions you seek for the deleting of content you wish to delete. The company has said that "if there's a chance the credentials taken reflect the account's current password", it will make you reset your Reddit account password.
Reddit is sending messages to any user affected by the breach and automatically resetting their password, so if you haven't been contacted in the next day or two then your account is likely unaffected.
The attacker also managed to get access to logs containing the email digests they sent between June 3 and June 17, 2018, which "connect a username to the associated email address" and contain suggested posts from subreddits users subscribe to.
Origin Access Premier: Breaking down EA’s new subscription service
In short, members will have access to every EA PC release, as well as being able to play new releases early in their entirety. That list will undoubtedly grow, but that's not a bad way to kick of a subscription service.