Hacker intercepted text message code to accomplish cyberattack, says RedditAuthor : AZIndia News Desk
Aug 3 (AZINS) Popular social news website Reddit was warning users that a hacker broke into its systems, intercepting some employee text messages to get past defenses. Reddit didn't disclose the extent of the hack, saying it was conducting a "painstaking" investigation to determine what was accessed and to harden security. "Although this was a serious attack, the attacker did not gain write access to Reddit systems," Reddit said in an online post.
"They gained read-only access to some systems that contained backup data, source code and other logs." In essence, the hacker could look at data but not change anything. Information accessed included some current email addresses and a 2007 user database containing old passwords that were scrambled, according to Reddit, which was founded in 2005.
Reddit determined that a hacker compromised some employee accounts with cloud and source-code providers. Reddit heightens computer security with "two-factor authentication" that requires passwords to be accompanied by temporary codes sent via text messages, but the cyber-attack involved "SMS intercept" of texted codes, according to the company.
"As website breaches go, this one doesn't seem too severe," cyber-security specialist Brian Krebs said in a post on his Krebs on Security website. "What's interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security."
The old database accessed in the hack held backup copies of Reddit user data from its first two years in operation. Also accessed were email digests from a few weeks in June, according to Reddit. Reddit was co-founded by Alexis Ohanian, husband of tennis superstar Serena Williams. Reddit is ranked among the most visited US websites, and has more than 138,000 "communities" for discussions on various topics.
Reddit is also known for ask-me-anything (AMA) sessions with well-known people such as Microsoft co-founder Bill Gates and former US president Barack Obama.