Incident Of The Week: Attackers Breach Reddit Via SMS Intercept

Threat Actors Gain Access To Sensitive 2007 Site Data

Add bookmark

Dan Gunderman

[Featured Image: chrisdorney/]

In the dynamic world of cyber security, breaches are both tightly guarded and, sadly, imminent.

Combing through data, market research and threat-defense efforts taken by enterprises can be a daunting task. Here at Cyber Security Hub, we both track the latest industry news and make it more navigable for the IT professional. Cyber Security Hub coverage extends outwards – as it helps enterprises batten down their proverbial hatches.

In this edition of “Incident of the Week,” we examine a cyber-attack that hit popular news aggregator and discussion site, Reddit.

A hacker reportedly broke into a few of the company’s systems, lifting email addresses and a 2007 database holding old salted and hashed passwords.

In an announcement on its site, the company noted that the attacker did not gain write access to Reddit systems, instead capturing read-only access to systems with backup data, source code and other logs.

The statement reads that Reddit learned of the attack – which took place between June 14- 18 – just a day later, June 19. It said an attacker compromised employee accounts with its cloud and source code hosting providers.

See Related: Incident Of The Week: Cosco Shipping Faces Ransomware Attack

[Photo: Gil C/]

It reads: “Already having our primary access points for code and infrastructure behind strong authentication requiring two factor authentication (2FA), we learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept. We point this out to encourage everyone here to move to token-based 2FA.”

Reddit also stated that the attacker was not able to alter the company’s information, and that it has “taken steps since the event to further lock down and rotate all production secrets and API keys, and to enhance our logging and monitoring systems.”

In a section for “What information was involved?” the company wrote: All Reddit data from 2007 and before including account credentials and email address, and email digests sent by Reddit in June 2018.

Some of the company’s remedial steps include: reporting the incident to law enforcement, messaging potentially affected users and taking “measures to guarantee that additional points of privileged access to Reddit’s systems are more secure.” On that point, Reddit said it involves enhanced logging, more encryption and requiring token-based 2FA to gain entry.

See Related: Incident Of The Week: LabCorp Hit With 'SamSam' Ransomware

Commenting on 2FA in a post about the incident, KrebsOnSecurity wrote: “A more secure alternative to SMS involves the use of a mobile app – such as Google Authenticator or Authy – to generate the one-time code that needs to be entered in addition to a password. This method is also sometimes referred to as a ‘time-based one-time password,’ or TOTP.”

Krebs continued, discussing the effectiveness of security keys in 2FA: “Probably the most secure form of 2FA available involves the use of hardware-based security keys. These inexpensive USB-based devices allow users to complete the login process simply by inserting the device and pressing a button. After a key is enrolled for 2FA at a particular site that supports keys, the user no longer needs to enter their password (unless they try to log in from a new device).”

One issue in the key-based entry, though, which Krebs points out: relatively few websites currently employ the method. However, popular sites like Dropbox, Facebook and GitHub do accept the keys, and Google is now requiring its 85,000+ employees to use them for 2FA.

While the security keys may help reduce privileged-access breaches on highly sensitive or highly visible platforms, it is clear that hacking antics will continue – until they encroach on the next vulnerability. As such, the Cyber Security Hub will be there to report and offer workable mitigation advice on the many incidents! Stay tuned for additional cyber-attack coverage.

Be Sure To Check Out: Incident Of The Week: Typeform Data Breach Impacts Customer Base