Reddit recently reported that its website was hacked this past June. The hacker scammed Reddit’s two-factor authentication system.

Luckily, the hacker was only able to access an old backup of the platform. As such, the hacker stole information which is most likely now irrelevant.

However, it is believed that the hacker could be able to match Reddit accounts with their users’ email addresses using the information found. According to one of Reddit’s engineers, the hacker did not gain authorization to records stored in the platform’s systems.

However, the stolen information has not been the main concern for the company.

Reddit’s staff members are most concerned about the fact that the hacker managed to break into employee accounts which were supposedly well protected. The login process for staff accounts required employees to use a password and then enter a unique code sent to their cellphones via SMS.

A spokesperson for Reddit has stated that the company recently learned that SMS-based authentication is not the most secure way to protect employees’ data.

In fact, the hacker mainly accessed data via SMS intercept.

It is quite common among hackers to assume a user’s identity and trick cellular providers into giving access to data.

Nevertheless, Reddit seems to have learned its lesson and is now encouraging its users to not use SMS-based authentication. The platform is instead encouraging the use of other options, such as a hardware-based security key.

Reddit is also advising its users to change their passwords.

 

Featured Image via Flickr/DJANDYW.COM