At last count, Reddit had at least as many average monthly users as the likes of Twitter, clocking in at over 330 million, was the fifth most visited site in the US, and had the highest user time-spend per day of any site in Australia.
Popularity often makes a website a juicy target for hackers, however, and Reddit’s now found itself an unwitting victim. Reddit's chief technology officer, Christopher Slowe, today revealed that the site experienced a data breach between June 14 and June 18, 2018, in which some of its users’ personal data was accessed.
Specifically, every user account that was created between the site’s launch in 2005 and May 2007 has potentially had its username, email address, salted hashed password, and private messages (during that timeframe) accessed.
Although the main group affected are those users that joined before May 2007, if you’re signed up for email digests from Reddit and received one between June 3 and June 17, the hacker may also be able to connect your email address to your username.
Reddit is sending messages to any user affected by the breach and automatically resetting their password, so if you haven’t been contacted in the next day or two then your account is likely unaffected.
Similarly, if you signed up after May 2007 and haven’t received an email from the address “firstname.lastname@example.org” between June 3 and June 17, you also likely don't need to worry.
As is the case with any potential breach, if you've been affected or think you may have been, then you'll want to change your password for the site in question, and on any other site that uses the same email and password combination. To protect yourself moving forward, it's also a good idea to enable two-factor authentication if you haven't already.
In a comment on his own post, Slowe added that Reddit had hired its first ever head of security mere weeks before the incident took place, stating that “he has been put through his paces in his first few months. So far he hasn’t quit.”