Reddit Suffers Data Breach With Hackers Obtaining Email Addresses From Some Users

DeepIn2U · Aug 1, 2018

fairuz said:
But this is concerning. SMS intercept? What? I know there's info on this, but it requires knowledge of how all that incredibly complicated cellular stuff works, and I kinda assumed it was secure enough since so many sites rely on it.

Mobile providers need to STOP allowing their reps to have remote access over the web to their network switches! Many have over the last decade or two ... but many still allow it. sad really. There are tools though.

thisisnotmyname said:
Time for:

a) POTS routing system to receive a massive secure upgrade
b) companies to stop relying on SMS as a second factor

You and me ... we are here

macduke · Aug 1, 2018

Northgrove said:
Yes I think this will be the greater problem, not only for weirdos, but regular users having posted sensitive stuff or photos before. That e-mail addresses will point to actual names/identities as they often do.

I never posted anything too weird, but some sensitive stuff about my family and dealing with their mental illness. Some of that I've posted on MacRumors before at a surface level, but out of an abundance of caution for something I write being potentially used out of context in the future I used a wildly different name and even made a matching Gmail address for it.

The Game 161 · Aug 1, 2018

Was from 2007 though so not an issue for recent users

jclo · Aug 1, 2018

The Game 161 said:
Was from 2007 though so not an issue for recent users

If you received the reddit newsletter thing, it's an issue for recent members. Usernames with linked email addresses were obtained from that database.

vipergts2207 · Aug 1, 2018

macduke said:
Did you just assume my membership? What kind of a neckbeard does that? Are you fraking sorry? I oughta break both your arms. *REDDITING INTENSIFIES*

Ah, the ol' Reddit switcharoo.

I wrote that in full understanding. Lots and lots of weirdos on that site with throwaways that might be tied to real emails using their name writing things that could ruin their careers or standing in society once they're doxed.

I still fail to see how this doesn't dovetail with the real world. One, weirdos tend to stand out more from the crowd, both on reddit and in the real world. Two, people's 'personal selves' are probably weirder in general than their 'public selves' as a rule. Most people don't want to be thought of as weird, so they tone down their eccentricities in public. The anonymity of reddit allows for the former to come out more than it otherwise would in a public space. How many 'normal' people do you think you know in real life, who may be one of the 'weirdos' on reddit? There's a reason the general rule of thumb is to keep your username secret, or to make throwaway accounts.

macduke · Aug 1, 2018

vipergts2207 said:
There's a reason the general rule of thumb is to keep your username secret, or to make throwaway accounts.

Yeah that's the whole reason I was saying that a lot of people are probably worried about that. And yes, there are some REAL weirdos on reddit. Like legit whackjobs. Moreso than I see other places online (though the hacker 4Chan likely has them beat by a long shot).

Avenged110 · Aug 1, 2018

TomaxXamot said:
Of course it has had, and still has, some dark corners, such as r/The_Donald...

lmao r/The_Donald is the only not-trashy part of Reddit that makes the site worth visiting for me (aside from a random band's page).

Shirasaki · Aug 1, 2018

thisisnotmyname said:
companies to stop relying on SMS as a second factor

Apple’s 2FA with only one Apple device...
people with only one device should not rely on 2FA. Sad that it is no longer an option.

ignatius345 · Aug 1, 2018

BasicGreatGuy said:
I use it on occasion. I am not affected by the breach. I have 2FA turned on anyway.

Which is great as long as it's not 2FA that goes through SMS.

Hopefully this will remind more companies that SMS-based 2FA is basically trash.

https://arstechnica.com/information...-reddit-that-yes-phone-based-2fa-is-that-bad/

Shirasaki · Aug 2, 2018

ignatius345 said:
Which is great as long as it's not 2FA that goes through SMS.

Hopefully this will remind more companies that SMS-based 2FA is basically trash.

https://arstechnica.com/information...-reddit-that-yes-phone-based-2fa-is-that-bad/

One company I know uses such hardware key to allow certain employer access intranet and "certain part" of internet. That said key is also used to access special software.
Several banks in China implements another form of key that generates a unique 6-digit auth code indefinitely. When log into online bank system, site requires user to enter that 6-digit code in a textbox protected by some sort of "security plug-in", alongside the password. This should be robust enough as that key is inaccessible via internet. The best bet to get the number is via social engineering.

ksnell · Aug 2, 2018

coolfactor said:
Reddit is one of those places that I could never quite get my mind wrapped around. Still find the concepts of "subreddits", etc. difficult to understand. and I'm a software engineer!

Pretty simple really. Each "subreddit" is a forum for that specific topic, and you can post threads to it, comment, upvote the good ones and downvote the bad ones.

Instead of an "@" to reference accounts like on Twitter (and most other social media), you reference users with "u/pickausername" and subreddits with r/pickasubreddit"

OneMike · Aug 2, 2018

I don’t have an email associated with my reddit account. Honestly though, as much as I use the net and I’m a developer. I’ve only been on Reddit the past couple years.

TomaxXamot · Aug 2, 2018

Avenged110 said:
lmao r/The_Donald is the only not-trashy part of Reddit that makes the site worth visiting for me (aside from a random band's page).

That sub is toxic and sickening. But hey, cool, now I can finally use Macrumors’ Ignore function for the first time!

MacBH928 · Aug 2, 2018

Why.. why do they still have a backup from 2007?

I guess, anything that goes online is really never erased. Just imagine what Google has.
Its futile to delete anything then...

Avenged110 · Aug 3, 2018

TomaxXamot said:
That sub is toxic and sickening. But hey, cool, now I can finally use Macrumors’ Ignore function for the first time!

Lol, whatever you want to think, man. I'd expect nothing less from a Seattle resident.

MacBH928 said:
Why.. why do they still have a backup from 2007?

I mean, if I was running a website, I'd keep backups for the life of the site. You never know when you may want that.

MacBH928 · Aug 3, 2018

Avenged110 said:
Lol, whatever you want to think, man. I'd expect nothing less from a Seattle resident.

I mean, if I was running a website, I'd keep backups for the life of the site. You never know when you may want that.

because it renders deleting posts, username, replies, inbox useless. Its a privacy concern thing. I thought when you delete something companies will delete it. I guess every file I uploaded to DropBox is just backup somewhere.

Avenged110 · Aug 4, 2018

MacBH928 said:
because it renders deleting posts, username, replies, inbox useless. Its a privacy concern thing. I thought when you delete something companies will delete it. I guess every file I uploaded to DropBox is just backup somewhere.

Oh i get why it's a concern, I'm just saying, I feel like having data brings with it the desire to archive.

Search

Search

Reddit Suffers Data Breach With Hackers Obtaining Email Addresses From Some Users

DeepIn2U

macrumors G5

macduke

macrumors G5

The Game 161

macrumors Nehalem

jclo

Managing Editor

vipergts2207

Suspended

macduke

macrumors G5

Avenged110

macrumors 6502a

Shirasaki

macrumors P6

ignatius345

macrumors G3

Shirasaki

macrumors P6

ksnell

macrumors 6502a

OneMike

macrumors 603

TomaxXamot

macrumors 6502

MacBH928

macrumors G3

Avenged110

macrumors 6502a

MacBH928

macrumors G3

Avenged110

macrumors 6502a

Our Staff